Lucene search

K
cloudfoundryCloud FoundryCFOUNDRY:1A91EDE432C17AF89F8A4DC15F5D5A55
HistoryDec 14, 2017 - 12:00 a.m.

USN-3505-1: Linux firmware vulnerabilities | Cloud Foundry

2017-12-1400:00:00
Cloud Foundry
www.cloudfoundry.org
62

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

72.8%

Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

Mathy Vanhoef discovered that the firmware for several Intel WLAN devices incorrectly handled WPA2 in relation to Wake on WLAN. A remote attacker could use this issue with key reinstallation attacks to obtain sensitive information. (CVE-2017-13080, CVE-2017-13081)

Affected Cloud Foundry Products and Versions

Severity is high unless otherwise noted.

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • 3421.x versions prior to 3421.34
    • 3445.x versions prior to 3445.19
    • 3468.x versions prior to 3468.13
    • All other stemcells not listed.

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends upgrading the following BOSH stemcells:
    • Upgrade 3421.x versions prior to 3421.34
    • Upgrade 3445.x versions prior to 3445.19
    • Upgrade 3468.x versions prior to 3468.13
    • All other stemcells should be upgraded to the latest version available on bosh.io.

References

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.004

Percentile

72.8%