Lucene search

K
certCERTVU:598349
HistorySep 05, 2018 - 12:00 a.m.

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

2018-09-0500:00:00
www.kb.cert.org
738

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.935

Percentile

99.2%

Overview

Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device.

Description

The Web Proxy Automatic Discovery (WPAD) protocol is used to automatically provide proxy configuration information to devices on a network. Clients issue a special DHCP request to obtain the information for the proxy configuration, but will fall back on a DNS request to one of several standardized URLs making use of the subdomain name of “wpad” if a DHCP response is unavailable.An attacker with local area network (LAN) access may be able to add a device with the name “wpad” to the network, which may produce a collision with a standardized WPAD DNS name. Many customer premise home/office routers (including, but not limited to, Google Wifi and Ubiquiti UniFi) automatically register device names as DNS A records on the LAN, which may allow an attacker to utilize a specially named and configured device to act as a WPAD proxy configuration server. The attacker-served proxy configuration can result in the loss of confidentiality and integrity of any network activity by any device that utilizes WPAD.

Other autodiscovery names such as ISATAP may also be exploitable.

Impact

An attacker, with access to the network, could add a malicious device to the network with the name “WPAD”. This attacker may be able to utilize DNS auto-registration and auto-discovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and integrity of network activity.

Solution

Home/office LAN/WLAN routers should not auto-register to their local DNS magic names related to auto-configuration and auto-discovery features should not accept mDNS based names as authoritative sources.

Apply the vendor patch.

Vendor Information

598349

Filter by status: All Affected Not Affected Unknown

Filter by content: __Additional information available

__Sort by: Status Alphabetical

Expand all

Javascript is disabled. Clickhere to view vendors.

ADTRAN __ Affected

Notified: July 18, 2018 Updated: September 04, 2018

Statement Date: August 30, 2018

Status

Affected

Vendor Statement

ADTRAN has affected products and their advisory will be available at the vendor web site.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

MikroTik Affected

Notified: July 18, 2018 Updated: September 19, 2018

Statement Date: September 10, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pi-Hole Affected

Updated: October 01, 2018

Statement Date: September 08, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology __ Affected

Notified: July 18, 2018 Updated: September 05, 2018

Statement Date: July 20, 2018

Status

Affected

Vendor Statement

Synology has prepared updates to the majority of their products to fix this vulnerability. Please check https://www.synology.com/en-global/support/security/Synology_SA_18_53.

Vendor References

Addendum

Synology has released updates to our majority products for fixing the vulnerability:
List of affected products:`` ``https://www.synology.com/en-global/support/security/Synology_SA_18_53
- DSM 6.2.1-23824 (https://www.synology.com/en-us/releaseNote/FS3017)
- SRM 1.1.7-6941-2 (https://www.synology.com/en-us/releaseNote/RT2600ac)

We will publish a security advisory after public disclosure. Thank you.

- Synology Security Team.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TippingPoint Technologies Inc. __ Affected

Notified: July 18, 2018 Updated: October 23, 2018

Statement Date: October 08, 2018

Status

Affected

Vendor Statement

`The WPAD attack mechanism is not filterable by TippingPoint.However, the Jscript payload is filterable.

Here is the list of JS vulnerabilities from Project Zero

The WPAD attack mechanism is not filterable by TippingPoint. However, the Jscript payload is filterable.

Here is the list of JS vulnerabilities from Project Zero + our filters


| Google ID | CVE | SigKB |

| 1376 | CVE-2017-11903 | 30079 |
| 1340 | CVE-2017-11810 | 29707 |
| 1381 | CVE-2017-11793 | 29705 |
| 1369 | CVE-2017-11890 | 30068 |
| 1383 | CVE-2017-11907 | 30081 |
| 1378 | CVE-2017-11855 | 29918 |
| 1382 | CVE-2017-11906 | - |
---------------------------------------`

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubiquiti Networks __ Affected

Notified: July 18, 2018 Updated: September 06, 2018

Statement Date: September 05, 2018

Status

Affected

Vendor Statement

The recently launched UniFi Security Gateway firmware (4.4.28) that fix the vulnerability “VU#598349”:

https://community.ubnt.com/t5/UniFi-Updates-Blog/USG-Firmware-v4-4-28-now-available/ba-p/2482349.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Ceragon Networks Inc __ Not Affected

Notified: July 18, 2018 Updated: August 22, 2018

Statement Date: August 02, 2018

Status

Not Affected

Vendor Statement

Not Affected.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies __ Not Affected

Notified: July 18, 2018 Updated: July 20, 2018

Statement Date: July 19, 2018

Status

Not Affected

Vendor Statement

Check Point Software Technologies is not vulnerable to this.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks __ Not Affected

Notified: July 18, 2018 Updated: July 20, 2018

Statement Date: July 19, 2018

Status

Not Affected

Vendor Statement

Thank you for sending us this report. As per our initial assessment, Juniper routers are unaffected since they do not consider host names provided in DHCP requests. If our devices are found vulnerable we will take steps to fix them and publish advisories on or after public disclosure of this issue.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NLnet Labs __ Not Affected

Notified: July 18, 2018 Updated: July 23, 2018

Statement Date: July 23, 2018

Status

Not Affected

Vendor Statement

Since NSD does not have DHCP DNS registration and autodiscovery functionality, we need to take no action. So NSD is not vulnerable.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

3com Inc Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

8e6 Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ANTlabs Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ASP Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actiontec Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aerohive Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AhnLab Inc Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AirWatch Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Akamai Technologies, Inc. Unknown

Notified: July 23, 2018 Updated: July 23, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpha Networks Inc Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alvarion Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Amazon Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Android Open Source Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aperto Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Appgate Network Security Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aruba Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Atheros Communications, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barnes and Noble Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bell Canada Enterprises Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bit9 Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlackBerry Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bloxx Ltd Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blue Coat Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlueCat Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blunk Microsystems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Broadcom Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BullGuard Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CA Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CMX Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cambium Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CentOS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cirpack Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Comcast Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Command Software Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Contiki OS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cricket Wireless Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell SecureWorks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Devicescape Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digi International Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ENEA Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EfficientIP SAS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Espressif Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

European Registry for Internet Domains Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Express Logic Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fastly Unknown

Notified: August 29, 2018 Updated: August 29, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Brocade Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GFI Software, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU adns Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU glibc Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HomeSeer Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Honeywell Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Global Services Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM eServer Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

INTEROP Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

InfoExpress, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Infoblox Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Inmarsat Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Interniche Technologies, inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

JH Software Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Kyocera Communications Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LG Electronics Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lancope Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lantronix Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lynx Software Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marvell Semiconductors Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MediaTek Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Medtronic Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Men & Mice Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MetaSwitch Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microchip Technology Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft Vulnerability Research Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Miredo Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Muonics, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NETSCOUT Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NIKSUN Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBurner Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nixu Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nominum Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OmniTI Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenConnect Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenDNS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenIndiana Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oryx Embedded Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PHPIDS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Paessler Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pantech North America Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Peplink Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PowerDNS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pulse Secure Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QLogic Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QUALCOMM Incorporated Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quadros Systems Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ReefEdge, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverbed Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rocket RTOS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Roku Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Mobile Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Semiconductor Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sierra Wireless Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SonicWall Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sonos Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sophos, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sybase Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TCPWave Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TP-LINK Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

The Open Group Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

The SCO Group (SCO Unix) Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Commerce Solutions Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vertical Networks, Inc. Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WizNET Technology Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xiaomi Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xilinx Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zebra Technologies Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zephyr Project Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ZyXEL Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

aep NETWORKS Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dnsmasq Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

gdnsd Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

iPass Inc Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmp Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmpj Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSENSE Unknown

Notified: July 18, 2018 Updated: July 18, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 226 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base 0 AV:–/AC:–/Au:–/C:–/I:–/A:–
Temporal 0 E:ND/RL:ND/RC:ND
Environmental 0 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This attack was found, tested and reported by Ossi Salmi, Mika Seppänen, Marko Laakso and Kasper Kyllönen of Arctic Security. We asked help of Jussi Eronen and Iikka Sovanto of NCSC-FI in reaching out the vendor representatives.

This document was written by Laurie Tyzenhaus and Garret Wasserman.

Other Information

CVE IDs: CVE-2017-11903, CVE-2017-11810, CVE-2017-11793, CVE-2017-11890, CVE-2017-11907, CVE-2017-11906, CVE-2017-11855
Date Public: 2018-09-05 Date First Published:

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.935

Percentile

99.2%