8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.1%
Multiple Virtual Private Network (VPN) applications store the authentication and/or session cookies insecurely in memory and/or log files.
Virtual Private Networks (VPNs) are used to create a secure connection with another network over the internet. Multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.
CWE-311: Missing Encryption of Sensitive Data
The following products and versions store the cookie insecurely in log files:
- CVE-2019-1573: Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0
- CVE-2019-11213: Pulse Desktop Client 9.0R2 and earlier and 5.3R6 and earlier; Pulse Connect Secure (for Network Connect customers) 9.0R2 and earlier, 8.3R6 and earlier, and 8.1R13 and earlier
The following products and versions store the cookie insecurely in memory:
- CVE-2019-1573: Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0
- CVE-2019-11213: Pulse Desktop Client 9.0R2 and earlier and 5.3R6 and earlier; Pulse Connect Secure (for Network Connect customers) 9.0R2 and earlier, 8.3R6 and earlier, and 8.1R13 and earlier
- Cisco AnyConnect 4.7.x and prior
It is likely that this configuration is generic to additional VPN applications. If you believe that your organization is vulnerable, please contact CERT/CC at [email protected] with the affected products, version numbers, patch information, and self-assigned CVE.
If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session.
Apply an update
CVE-2019-1573
Palo Alto Networks GlobalProtect Agent version 4.1.1 and later for Windows and GlobalProtect Agent version 4.1.11 and later for macOS patch this vulnerability.
CVE-2019-11213
Update Pulse Secure Desktop Client and Network Connect to the following versions:
Desktop Client
- Pulse Secure Desktop 9.0R3 and above
- Pulse Secure Desktop 5.3R7 and above
- Note: For Pulse Desktop Client customer, this is a client-side fix only and does not require a server-side upgrade.
Network Connect
- Pulse Connect Secure 9.0R3 and above
- Pulse Connect Secure 8.3R7 and above
- Pulse Connect Secure 8.1R14 and above
CERT/CC is unaware of any patches at the time of publishing for Cisco AnyConnect.
192371
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 31, 2019 Updated: April 17, 2019
Statement Date: February 13, 2019
Affected
We are not aware of any situation where a currently valid session token is written to log files.
The storage of the session cookie within process memory of the client and in cases of clientless sessions the web browser while the sessions are active are not considered to be an unwarranted exposure. These values are required to maintain the operation of the session per design of the feature should session re-establishment be required due to network interruption. We have documented the concerns and the engineering teams will incorporate this feedback into discussions for future design improvements of the Cisco AnyConnect VPN solution.
It should also be noted that all session material stored by both the Client and Clientless solutions are destroyed once the sessions is deliberately terminated by the client.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: April 11, 2019
Affected
We have not received a statement from the vendor.
F5 has been aware of the insecure memory storage since 2013 and has not yet been patched. More information can be found here <https://support.f5.com/csp/article/K14969>.
They have been aware of the insecure log storage since 2017 and fixed it in version 12.1.3 and 13.1.0 and onwards. More information can be found here <https://support.f5.com/csp/article/K45432295>
Notified: January 31, 2019 Updated: April 11, 2019
Affected
We have not received a statement from the vendor.
CVE-2019-1573
Update to GlobalProtect Agent 4.1.1 and later for Windows, and GlobalProtect Agent 4.1.11 and later for macOS.
Notified: January 31, 2019 Updated: April 17, 2019
Statement Date: April 13, 2019
Affected
SA44114 - 2019-04: Out-of-Cycle Advisory: Pulse Desktop Client and Network
Connect improper handling of session cookies (CVE-2016-8201)
Affected Products:
Pulse Desktop Client
Pulse Desktop Client 9.0R1 - 9.0R2
Pulse Desktop Client 5.3R1 - 5.3R6
Pulse Connect Secure (for Network Connect customers)
Pulse Connect Secure 9.0R1 - 9.0R2
Pulse Connect Secure 8.3R1 - 8.3R6
Pulse Connect Secure 8.1R1 - 8.1R13
CVE-2016-8201 has been applied to this vulnerability.
This issue is resolved in the following releases:
Pulse Desktop Client
Pulse Secure Desktop 9.0R3 and above
Pulse Secure Desktop 5.3R7 and above
Note: For Pulse Desktop Client customer, this is a client-side fix only and does not require a server-side upgrade.
Network Connect
Pulse Connect Secure 9.0R3 and above
Pulse Connect Secure 8.3R7 and above
Pulse Connect Secure 8.1R14 and above
<https://nvd.nist.gov/vuln/detail/CVE-2016-8201>
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: April 18, 2019
Not Affected
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: April 01, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 12, 2019
Statement Date: April 12, 2019
Not Affected
We have not received a statement from the vendor.
LANCOM products are not affected by this vulnerability because session cookies are not used.
Notified: January 31, 2019 Updated: April 24, 2019
Not Affected
Peplink/Pepwave products are not affected by this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: April 17, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: April 18, 2019
Statement Date: April 18, 2019
Not Affected
Last week, CERT released Vulnerability Note VU#192371 to highlight that authentication and/or session cookies that are stored insecurely in memory and/or log files can be potentially used in a replay attack. The use of hardware fingerprinting, client certificates, and SAML assertions in Zscaler App make it impractical to replay authentication session cookies obtained from memory and use these on another system.
In addition, no personal or confidential information is stored in the Zscaler App logs.
Zscaler App is not vulnerable to the replay attack as described under Vulnerability Note VU#192371.
Validated on Zscaler App v1.5 and earlier versions
About Zscaler App
The Zscaler App automatically forwards user traffic to the Zscaler cloud and ensures that security and access policies are enforced, regardless of device, location or application. The app automatically determines if a user is looking to access the open internet, a SaaS app or an internal app running in public, private or the datacenter and routes traffic through the appropriate Zscaler security service. The client supports both Zscaler Internet Access (ZIA) as well as Zscaler Private Access (ZPA) by default, allowing teams to combine best in class internet security with zero trust access to internal apps.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: April 24, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: April 01, 2019
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 31, 2019 Updated: January 31, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 11, 2019 Updated: April 11, 2019
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 238 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 5.7 | AV:L/AC:L/Au:S/C:C/I:P/A:P |
Temporal | 4.5 | E:POC/RL:OF/RC:C |
Environmental | 4.5 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Thanks to the National Defense ISAC Remote Access Working Group for reporting this vulnerability.
This document was written by Madison Oliver.
CVE IDs: | CVE-2019-1573, CVE-2019-11213 |
---|---|
Date Public: | 2019-04-10 Date First Published: |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.1%