CVE-2024-28894

2024-04-1511:15:08

[email protected]

web.nvd.nist.gov

cve-2024-28894

ipv6 headers

unauthenticated attacker

crafted packet

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.

Affected configurations

Vulners

Node

dmg_mori_digital_co.\,_ltd._and_next_co.\,_ltd.cente_ipv6Match1.51

dmg_mori_digital_co.\,_ltd._and_next_co.\,_ltd.cente_ipv6_snmpv2Match2.30

dmg_mori_digital_co.\,_ltd._and_next_co.\,_ltd.cente_ipv6_snmpv3Match2.30

CNA Affected

[
  {
    "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
    "product": "Cente IPv6",
    "versions": [
      {
        "version": "Ver.1.51 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
    "product": "Cente IPv6 SNMPv2",
    "versions": [
      {
        "version": "Ver.2.30 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
    "product": "Cente IPv6 SNMPv3",
    "versions": [
      {
        "version": "Ver.2.30 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU94016877/

www.cente.jp/obstacle/4960/