## 1\. EXECUTIVE SUMMARY
* **CVSS v3 9.8**
* **ATTENTION:** Exploitable remotely/low skill level to exploit
* **Vendor:** Multiple (open source)
* **Equipment:** uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net
* **Vulnerabilities:** Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer Overflow, Out-of-bounds Write, Improper Input Validation, Improper Null Termination
CISA is aware of a public report, known as “AMNESIA:33,” that details vulnerabilities found in multiple open-source TCP/IP stacks. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
The various open-source stacks may be implemented in forked repositories.
## 2\. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
## 3\. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following are affected:
* uIP-Contiki-OS (end-of-life [EOL]), Version 3.0 and prior
* uIP-Contiki-NG, Version 4.5 and prior
* uIP (EOL), Version 1.0 and prior
* open-iscsi, Version 2.1.12 and prior
* picoTCP-NG, Version 1.7.0 and prior
* picoTCP (EOL), Version 1.7.0 and prior
* FNET, Version 4.6.3
* Nut/Net, Version 5.1 and prior
### 3.2 VULNERABILITY OVERVIEW
#### 3.2.1 [LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835](<https://cwe.mitre.org/data/definitions/835.html>)
The function used in uIP-Contiki-OS to process IPv6 extension headers and extension header options can be forced into an infinite loop state due to unchecked header/option lengths.
[CVE-2020-13984](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13984>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.2 [INTEGER WRAPAROUND CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)
The function used in uIP-Contiki-OS to decapsulate RPL extension headers does not check for unsafe integer conversion when parsing the values provided in a header, allowing an attacker to corrupt memory.
[CVE-2020-13985](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13985>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.3 [LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835](<https://cwe.mitre.org/data/definitions/835.html>)
The function used in uIP-Contiki-OS to decapsulate RPL extension headers does not check the length value of an RPL extension header received, allowing an attacker to cause it to enter an infinite loop.
[CVE-2020-13986](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13986>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.4 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in open-iscsi, uIP-Contiki-OS, and uIP that parses incoming transport layer packets (TCP/UDP) does not check the length fields of packet headers against the data available in the packets. Given arbitrary lengths, an out-of-bounds memory read may be performed during the checksum computation.
[CVE-2020-13987](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13987>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.5 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)
The function in open-iscsi, uIP-Contiki-OS, and uIP that parses the TCP MSS option does not check the validity of the length field of this option, allowing an attacker to force it into an infinite loop when arbitrary TCP MSS values are supplied.
[CVE-2020-13988](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13988>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.6 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)
When handling TCP urgent data in open-iscsi, uIP-Contiki-OS, and uIP, there are no sanity checks for the value of the urgent data pointer, allowing an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets.
[CVE-2020-17437](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17437>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H>)).
#### 3.2.7 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)
The function in open-iscsi and uIP that reassembles fragmented packets validates neither the total length of an incoming packet nor the fragmentation offset value, both of which are specified in the IP header. This could lead to memory corruption.
[CVE-2020-17438](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17438>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H>)).
#### 3.2.8 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)
Incoming DNS replies in uIP are parsed by the DNS client even if there were no outgoing queries. The DNS transaction ID is not sufficiently random. Provided that the DNS cache is quite small (four entries), this facilitates DNS cache poisoning attacks.
[CVE-2020-17439](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17439>) has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L>)).
#### 3.2.9 [IMPROPER NULL TERMINATION CWE-170](<https://cwe.mitre.org/data/definitions/170.html>)
When parsing incoming DNS packets in uIP-Contiki-NG, uIP-Contiki-OS, and uIP, there are no checks whether domain names are null-terminated. This allows an attacker to achieve memory corruption with crafted DNS responses.
[CVE-2020-17440](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17440>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.10 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)
In picoTCP-NG and picoTCP, the payload length field of IPv6 extension headers is not checked against the data available in incoming packets, allowing an attacker to corrupt memory.
[CVE-2020-17441](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17441>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.11 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)
The function in picoTCP-NG and picoTCP that processes the hop-by-hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing an attacker to cause the function to enter an infinite loop by supplying arbitrary length values.
[CVE-2020-17442](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17442>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.12 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)
When processing ICMPv6 echo requests in picoTCP-NG and picoTCP, there are no checks for whether the ICMPv6 header consists of at least 8 bytes (set by RFC 4443). As a result, the function that creates ICMPv6 echo replies can corrupt memory when the received request has a smaller header.
[CVE-2020-17443](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17443>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.13 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)
The function in picoTCP-NG and picoTCP that processes IPv6 headers does not check the lengths of extension header options, allowing an attacker to force this function into an infinite loop with crafted length values.
[CVE-2020-17444](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17444>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.14 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in picoTCP-NG and picoTCP that processes the IPv6 destination options extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory and/or put the function into an infinite loop with crafted length values.
[CVE-2020-17445](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17445>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.15 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in FNET does not check whether domain names are null terminated when parsing Link-local Multicast Name Resolution (LLMNR) requests. This may allow an attacker to read out of bounds.
[CVE-2020-17467](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17467>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.16 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in FNET that processes the IPv6 hop-by-hop extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory.
[CVE-2020-17468](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17468>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.17 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The IPv6 packet reassembly function in FNET does not check whether the received fragments are properly aligned in memory, allowing an attacker to perform memory corruption with crafted IPv6 fragmented packets.
[CVE-2020-17469](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17469>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.18 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)
The function in FNET that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they will be always set to 1), facilitating DNS cache poisoning attacks.
[CVE-2020-17470](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17470>) has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N>)).
#### 3.2.19 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that processes DNS responses does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, which may allow an attacker to corrupt memory.
[CVE-2020-24334](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24334>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.20 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
[CVE-2020-24335](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24335>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.21 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in uIP-Contiki-NG and uIP-Contiki-OS for parsing DNS records in DNS response packets sent over NAT64 does not validate the length field of the response records, allowing an attacker to corrupt memory.
[CVE-2020-24336](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24336>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).
#### 3.2.22 [LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835](<https://cwe.mitre.org/data/definitions/835.html>)
The function in picoTCP-NG and picoTCP that processes TCP options does not validate their lengths, allowing an attacker to put the function into an infinite loop with uncommon/unsupported TCP options that have crafted length values.
[CVE-2020-24337](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24337>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
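The length checks that 3.2.5, 3.2.22 and 3.2.26 describe as missing, written out as an added example (not code from any affected stack or from its fix). All function, constant and buffer names are hypothetical, and the byte strings in `main` are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names here are illustrative; none come from the affected stacks. */
enum { OPT_OK = 0, OPT_MALFORMED = -1 };

#define TCP_MIN_HDR     20
#define TCP_OPT_END     0
#define TCP_OPT_NOP     1
#define TCP_OPT_MSS     2
#define TCP_OPT_MSS_LEN 4

/* Locate the options area, checking the data-offset field against the
 * number of bytes actually received (the check 3.2.26 says is absent). */
int tcp_options_span(const uint8_t *seg, size_t seg_len,
                     const uint8_t **opts, size_t *opts_len)
{
    if (seg_len < TCP_MIN_HDR)
        return OPT_MALFORMED;
    size_t hdr_len = (size_t)(seg[12] >> 4) * 4;   /* data offset, in bytes */
    if (hdr_len < TCP_MIN_HDR || hdr_len > seg_len)
        return OPT_MALFORMED;
    *opts = seg + TCP_MIN_HDR;
    *opts_len = hdr_len - TCP_MIN_HDR;
    return OPT_OK;
}

/* Walk [opts, opts + opts_len) and extract the MSS if present. */
int parse_tcp_options(const uint8_t *opts, size_t opts_len, uint16_t *mss_out)
{
    size_t i = 0;

    while (i < opts_len) {
        uint8_t kind = opts[i];

        if (kind == TCP_OPT_END)
            return OPT_OK;
        if (kind == TCP_OPT_NOP) {      /* single-byte option, no length */
            i++;
            continue;
        }
        /* Every other option has a length byte; it must be inside the area. */
        if (opts_len - i < 2)
            return OPT_MALFORMED;
        uint8_t len = opts[i + 1];

        /* len covers the kind and length bytes themselves. A value below 2
         * would leave i unchanged (or barely advanced) and the loop would
         * never reach opts_len: the infinite-loop condition. */
        if (len < 2)
            return OPT_MALFORMED;
        /* The option must not extend past the options area. */
        if (len > opts_len - i)
            return OPT_MALFORMED;

        if (kind == TCP_OPT_MSS) {
            if (len != TCP_OPT_MSS_LEN)
                return OPT_MALFORMED;
            if (mss_out)
                *mss_out = (uint16_t)((opts[i + 2] << 8) | opts[i + 3]);
        }
        /* Unknown kinds are skipped using the validated length only. */
        i += len;
    }
    return OPT_OK;
}

int main(void)
{
    /* Constructed samples: a well-formed MSS option and three malformed areas. */
    const uint8_t good[]     = { 2, 4, 0x05, 0xb4, 1, 1, 0 };
    const uint8_t zero_len[] = { 0xfe, 0, 1, 1 };
    const uint8_t overrun[]  = { 8, 10, 0, 0 };
    const uint8_t bad_mss[]  = { 2, 3, 0x05 };
    uint16_t mss = 0;

    printf("good:     %d\n", parse_tcp_options(good, sizeof good, &mss));
    printf("mss:      %u\n", (unsigned)mss);
    printf("zero_len: %d\n", parse_tcp_options(zero_len, sizeof zero_len, &mss));
    printf("overrun:  %d\n", parse_tcp_options(overrun, sizeof overrun, &mss));
    printf("bad_mss:  %d\n", parse_tcp_options(bad_mss, sizeof bad_mss, &mss));
    return 0;
}
```

The same three checks (length byte present, length at least the option's own header, length within the remaining area) apply to any type-length-value walk, including the IPv6 extension header options in 3.2.1, 3.2.11 and 3.2.13.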
#### 3.2.23 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)
The function in picoTCP and picoTCP-NG that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
[CVE-2020-24338](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24338>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).
#### 3.2.24 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, allowing an attacker to perform memory corruption.
[CVE-2020-24339](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24339>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.25 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, allowing an attacker to perform memory corruption.
[CVE-2020-24340](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24340>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.26 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The TCP input data processing function in picoTCP-NG and picoTCP does not validate the length of incoming TCP packets, allowing an attacker to read out of bounds and perform memory corruption.
[CVE-2020-24341](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24341>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.27 [IMPROPER NULL TERMINATION CWE-170](<https://cwe.mitre.org/data/definitions/170.html>)
When parsing incoming DNS packets in FNET, there are no checks whether domain names are null-terminated. This may allow an attacker to achieve memory corruption and/or memory leak.
[CVE-2020-24383](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24383>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L>)).
#### 3.2.28 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.
[CVE-2020-25107](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25107>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.29 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)
The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.
[CVE-2020-25108](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25108>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).
#### 3.2.30 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.
[CVE-2020-25109](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25109>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.31 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)
The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.
[CVE-2020-25110](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25110>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).
#### 3.2.32 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)
The function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.
[CVE-2020-25111](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25111>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).
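A DNS response pre-check covering the four Nut/Net issues listed in 3.2.28 through 3.2.32, plus the count check from 3.2.19 and 3.2.24 and the unsolicited-reply condition from 3.2.8. This is an added example, not code from any affected stack; all names are hypothetical and `SAMPLE_RESPONSE` is a constructed message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative names only; not taken from any affected stack. */
enum { DNS_MALFORMED = -1, DNS_UNSOLICITED = -2 };

#define DNS_HDR_LEN  12
#define DNS_MAX_NAME 255

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Skip one encoded name starting at off. Returns the offset just past it,
 * or 0 if the name is not terminated inside the message, a label overruns
 * the message, or the name exceeds 255 bytes. Pointers are not followed,
 * so no pointer loop is possible here; a decoder that does follow them
 * must also bound the number of jumps. */
size_t dns_skip_name(const uint8_t *msg, size_t msg_len, size_t off)
{
    size_t name_len = 0;

    while (off < msg_len) {
        uint8_t b = msg[off];

        if (b == 0)                          /* root label: terminator found */
            return off + 1;
        if ((b & 0xC0) == 0xC0)              /* compression pointer, 2 bytes */
            return (msg_len - off >= 2) ? off + 2 : 0;
        if (b & 0xC0)                        /* 0x40 / 0x80 types are reserved */
            return 0;
        if ((size_t)b + 1 > msg_len - off)   /* label length byte vs. data left */
            return 0;
        name_len += (size_t)b + 1;
        if (name_len + 1 > DNS_MAX_NAME)
            return 0;
        off += (size_t)b + 1;
    }
    return 0;                                /* ran off the end: unterminated */
}

/* Returns the number of answer records if every structure fits inside
 * msg_len, otherwise a negative code. Nothing is copied or decoded. */
int dns_validate_response(const uint8_t *msg, size_t msg_len,
                          uint16_t pending_id, int query_outstanding)
{
    if (!query_outstanding)
        return DNS_UNSOLICITED;              /* no query sent: drop the reply */
    if (msg_len < DNS_HDR_LEN)
        return DNS_MALFORMED;
    if (rd16(msg) != pending_id)
        return DNS_UNSOLICITED;
    if (!(msg[2] & 0x80))                    /* QR bit must mark a response */
        return DNS_MALFORMED;

    uint16_t qd = rd16(msg + 4), an = rd16(msg + 6);
    size_t off = DNS_HDR_LEN;

    for (uint16_t i = 0; i < qd; i++) {      /* header count vs. data present */
        off = dns_skip_name(msg, msg_len, off);
        if (off == 0 || msg_len - off < 4)   /* QTYPE + QCLASS */
            return DNS_MALFORMED;
        off += 4;
    }
    for (uint16_t i = 0; i < an; i++) {
        off = dns_skip_name(msg, msg_len, off);
        if (off == 0 || msg_len - off < 10)  /* TYPE, CLASS, TTL, RDLENGTH */
            return DNS_MALFORMED;
        uint16_t rdlen = rd16(msg + off + 8);
        off += 10;
        if (rdlen > msg_len - off)           /* RDLENGTH vs. data present */
            return DNS_MALFORMED;
        off += rdlen;
    }
    return an;
}

/* Constructed sample: response to an A query for example.com, ID 0x1234. */
const uint8_t SAMPLE_RESPONSE[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01,
    0xC0, 0x0C, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3C,
    0x00, 0x04, 192, 0, 2, 1
};

int main(void)
{
    uint8_t buf[sizeof SAMPLE_RESPONSE];

    printf("valid:          %d\n",
           dns_validate_response(SAMPLE_RESPONSE, sizeof SAMPLE_RESPONSE, 0x1234, 1));
    memcpy(buf, SAMPLE_RESPONSE, sizeof buf);
    buf[7] = 5;                              /* header claims five answers */
    printf("inflated count: %d\n", dns_validate_response(buf, sizeof buf, 0x1234, 1));
    return 0;
}
```

The pending ID passed in should come from a cryptographically strong random source per query; a fixed or predictable value (3.2.18) makes the ID comparison ineffective.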
#### 3.2.33 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)
Vulnerabilities in uIP-Contiki-OS (EOL) provide insufficient checks for the IPv4/IPv6 header length and inconsistent checks for the IPv6 header extension lengths, which may allow an attacker to corrupt memory.
[CVE-2020-25112](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25112>) has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)).
### 3.3 BACKGROUND
* **CRITICAL INFRASTRUCTURE SECTORS:** Multiple
* **COUNTRIES/AREAS DEPLOYED:** Worldwide
* **COMPANY HEADQUARTERS LOCATION:** Various
### 3.4 RESEARCHER
Daniel dos Santos, Stanislav Dashevskyi, Jos Wetzels, and Amine Amri of Forescout Research Labs reported these vulnerabilities to CISA.
## 4\. MITIGATIONS
* uIP is EOL (end-of-life). See general recommendations below.
* uIP-Contiki-OS is EOL. See general recommendations below.
* picoTCP is EOL. See general recommendations below.
* The maintainers of FNET recommend users update to [Version 4.7.0 or later](<https://github.com/butok/FNET/releases/tag/v4.7.0>).
* The maintainers of uIP-Contiki-NG recommend users update to [the latest version](<https://github.com/contiki-ng/contiki-ng>).
* The maintainers of open-iscsi recommend users update to [the latest version](<https://github.com/open-iscsi/open-iscsi>).
* [Contact](<mailto:root@danielinux.net>) the maintainers of picoTCP-NG for recommended updates.
* [Contact](<mailto:tim.schendekehl@egnite.de>) the maintainers of Nut/Net and find [the latest version on their website](<http://www.ethernut.de/en/download/index.html>).
Additional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. Those advisories are as follows:
* [Devolo](<https://www.devolo.de/fileadmin/Web-Content/DE/support/security/dSA201101-uIP_Stack-Security_Advisory.pdf>)
* [EMU Electronic AG](<https://www.emuag.ch/support/vulnerability/emu-sec20201201/>)
* [FEIG](<http://www.feig.de/service/cybersecurity/2020-12-08-01_SecurityAdvisory.pdf>)
* [Genetec](<https://resources.genetec.com/security-advisories/vulnerabilities-affecting-the-sharpx-sharpxs-and-sharpz3>)
* [Harting](<https://harting.sharefile.eu/share/view/45b5ca131e574842/fod2c891-c568-4690-becd-988867bf4dfb>)
* [Hensoldt](<https://hensoldt-cyber.com/notifications/amnesia-33/>)
* [Microchip](<https://www.microchip.com/design-centers/wireless-connectivity/software-vulnerability-response/amnesia-network-stack-vulnerability>)
* [Nanotec](<https://en.nanotec.com/products/manual/N5_ECAT_EN?cHash=1b11e7dd4167bdbb93ee8d41de847565%20and%20https://en.nanotec.com/products/manual/N5_CAN_EN?cHash=57c3a0ea453f7c3bc9f2f33e93929599>)
* [NT-Ware](<https://www.uniflow.global/en/security/security-and-maintenance/#security_advisory_8>)
* [Tagmaster](<https://tagmaster.com/wp-content/uploads/2020/12/1120-213-Security-Advisory-NuttX-TCP-IP-vulnerabilities.pdf>)
* [Siemens](<https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf>)
* [Uniflow](<https://www.uniflow.global/en/security/security-and-maintenance/#security_advisory_8>)
* [Yanzi Networks](<https://yanzi.dev/#/security/advisories/2020-12-08>)
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
* Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).
* Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
* When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
* Use an internal DNS server that performs DNS-over-HTTPS for lookups.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).
Additional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
## Contact Information
For any questions related to this report, please contact the CISA at:
Email: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>)
Toll Free: 1-888-282-0870
For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report
This could lead to memory corruption.\n\n[CVE-2020-17438](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17438>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H>)).\n\n#### 3.2.8 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nIncoming DNS replies in uIP are parsed by the DNS client even if there were no outgoing queries. The DNS transaction ID is not sufficiently random. Provided that the DNS cache is quite small (four entries), this facilitates DNS cache poisoning attacks.\n\n[CVE-2020-17439](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17439>) has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L>)).\n\n#### 3.2.9 [IMPROPER NULL TERMINATION CWE-170](<https://cwe.mitre.org/data/definitions/170.html>)\n\nWhen parsing incoming DNS packets in uIP-Contiki-NG, uIP-Contiki-OS, and uIP, there are no checks whether domain names are null-terminated. This allows an attacker to achieve memory corruption with crafted DNS responses.\n\n[CVE-2020-17440](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17440>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.10 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nIn picoTCP-NG and picoTCP, the payload length field of IPv6 extension headers is not checked against the data available in incoming packets, allowing an attacker to corrupt memory.\n\n[CVE-2020-17441](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17441>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.11 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)\n\nThe function in picoTCP-NG and picoTCP that processes the hop-by-hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing an attacker to cause the function to enter an infinite loop by supplying arbitrary length values.\n\n[CVE-2020-17442](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17442>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.12 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)\n\nWhen processing ICMPv6 echo requests in picoTCP-NG and picoTCP, there are no checks for whether the ICMPv6 header consists of at least 8 bytes (set by RFC443). 
As a result, the function that creates ICMPv6 echo replies corrupts memory when the received request it is based on has a smaller header.\n\n[CVE-2020-17443](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17443>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.13 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)\n\nThe function in picoTCP-NG and picoTCP that processes IPv6 headers does not check the lengths of extension header options, allowing an attacker to force this function into an infinite loop with crafted length values.\n\n[CVE-2020-17444](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17444>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.14 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in picoTCP-NG and picoTCP that processes the IPv6 destination options extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory and/or put the function into an infinite loop with crafted length values.\n\n[CVE-2020-17445](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17445>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.15 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in FNET does not check whether domain names are null terminated when parsing Link-local Multicast Name Resolution (LLMNR) requests. This may allow an attacker to read out of bounds.\n\n[CVE-2020-17467](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17467>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.16 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in FNET that processes the IPv6 hop-by-hop extension header does not check the validity of its options lengths, allowing an attacker to corrupt memory.\n\n[CVE-2020-17468](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17468>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.17 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe IPv6 packet reassembly function in FNET does not check whether the received fragments are properly aligned in memory, allowing an attacker to perform memory corruption with crafted IPv6 fragmented packets.\n\n[CVE-2020-17469](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17469>) has been assigned to this vulnerability. 
A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.18 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nThe function in FNET that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1), facilitating DNS cache poisoning attacks.\n\n[CVE-2020-17470](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17470>) has been assigned to this vulnerability. A CVSS v3 base score of 4.0 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N>)).\n\n#### 3.2.19 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that processes DNS responses does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, which may allow an attacker to corrupt memory.\n\n[CVE-2020-24334](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24334>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.20 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in uIP-Contiki-NG, uIP-Contiki-OS, and uIP that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.\n\n[CVE-2020-24335](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24335>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.21 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in uIP-Contiki-NG and uIP-Contiki-OS for parsing DNS records in DNS response packets sent over NAT64 does not validate the length field of the response records, allowing an attacker to corrupt memory.\n\n[CVE-2020-24336](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24336>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.22 [LOOP WITH UNREACHABLE EXIT CONDITION ('INFINITE LOOP') CWE-835](<https://cwe.mitre.org/data/definitions/835.html>)\n\nThe function in picoTCP-NG and picoTCP that processes TCP options does not validate their lengths, allowing an attacker to put the function into an infinite loop with uncommon/unsupported TCP options that have crafted length values.\n\n[CVE-2020-24337](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24337>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.23 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nThe function in picoTCP and picoTCP-NG that parses domain names lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.\n\n[CVE-2020-24338](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24338>) has been assigned to this vulnerability. 
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.24 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, allowing an attacker to perform memory corruption.\n\n[CVE-2020-24339](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24339>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.25 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in picoTCP and picoTCP-NG that processes DNS responses does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, allowing an attacker to perform memory corruption.\n\n[CVE-2020-24340](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24340>) has been assigned to this vulnerability. 
A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.26 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe TCP input data processing function in picoTCP-NG and picoTCP does not validate the length of incoming TCP packets, allowing an attacker to read out of bounds and perform memory corruption.\n\n[CVE-2020-24341](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24341>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.27 [IMPROPER NULL TERMINATION CWE-170](<https://cwe.mitre.org/data/definitions/170.html>)\n\nWhen parsing incoming DNS packets in FNET, there are no checks whether domain names are null-terminated. This may allow an attacker to achieve memory corruption and/or memory leak.\n\n[CVE-2020-24383](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24383>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L>)).\n\n#### 3.2.28 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.\n\n[CVE-2020-25107](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25107>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.29 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nThe function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.\n\n[CVE-2020-25108](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25108>) has been assigned to this vulnerability. 
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.30 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.\n\n[CVE-2020-25109](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25109>) has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.31 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nThe function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.\n\n[CVE-2020-25110](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25110>) has been assigned to this vulnerability. 
A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>)).\n\n#### 3.2.32 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nThe function in Nut/Net that processes DNS questions/responses has several issues: there is no check on whether a domain name is NULL-terminated; the DNS response data length is not checked (can be set to arbitrary value from a packet); the number of DNS queries/responses (set in DNS header) is not checked against the data present; the length byte of a domain name in a DNS query/response is not checked and is used for internal memory operations.\n\n[CVE-2020-25111](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25111>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.33 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nVulnerabilities in uIP-Contiki-OS (EOL) provide insufficient checks for the IPv4/IPv6 header length and inconsistent checks for the IPv6 header extension lengths, which may allow an attacker to corrupt memory.\n\n[CVE-2020-25112](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25112>) has been assigned to this vulnerability. 
A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Multiple\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Various\n\n### 3.4 RESEARCHER\n\nDaniel dos Santos, Stanislav Dashevskyi, Jos Wetzels, and Amine Amri of Forescout Research Labs reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\n * uIP is EOL (end-of-life). See general recommendations below. \n * uIP-Contiki-OS is EOL. See general recommendations below.\n * picoTCP is EOL. See general recommendations below.\n * The maintainers of FNET recommend users update to [Version 4.7.0 or later](<https://github.com/butok/FNET/releases/tag/v4.7.0>). \n * The maintainers of uIP-Contiki-NG recommend users update to [the latest version](<https://github.com/contiki-ng/contiki-ng>).\n * The maintainers of open-iscsi recommend users update to [the latest version](<https://github.com/open-iscsi/open-iscsi>).\n * [Contact](<mailto:root@danielinux.net>) the maintainers of picoTCP-NG for recommended updates.\n * [Contact](<mailto:tim.schendekehl@egnite.de>) the maintainers of Nut/Net and find [the latest version on their website](<http://www.ethernut.de/en/download/index.html>).\n\nAdditional vendors affected by the reported vulnerabilities have also released security advisories related to their affected products. 
Those advisories are as follows:\n\n * [Devolo](<https://www.devolo.de/fileadmin/Web-Content/DE/support/security/dSA201101-uIP_Stack-Security_Advisory.pdf>)\n * [EMU Electronic AG](<https://www.emuag.ch/support/vulnerability/emu-sec20201201/>)\n * [FEIG](<http://www.feig.de/service/cybersecurity/2020-12-08-01_SecurityAdvisory.pdf>)\n * [Genetec](<https://resources.genetec.com/security-advisories/vulnerabilities-affecting-the-sharpx-sharpxs-and-sharpz3>)\n * [Harting](<https://harting.sharefile.eu/share/view/45b5ca131e574842/fod2c891-c568-4690-becd-988867bf4dfb>)\n * [Hensoldt](<https://hensoldt-cyber.com/notifications/amnesia-33/>)\n * [Microchip](<https://www.microchip.com/design-centers/wireless-connectivity/software-vulnerability-response/amnesia-network-stack-vulnerability>)\n * [Nanotec](<https://en.nanotec.com/products/manual/N5_ECAT_EN?cHash=1b11e7dd4167bdbb93ee8d41de847565%20and%20https://en.nanotec.com/products/manual/N5_CAN_EN?cHash=57c3a0ea453f7c3bc9f2f33e93929599>)\n * [NT-Ware](<https://www.uniflow.global/en/security/security-and-maintenance/#security_advisory_8>)\n * [Tagmaster](<https://tagmaster.com/wp-content/uploads/2020/12/1120-213-Security-Advisory-NuttX-TCP-IP-vulnerabilities.pdf>)\n * [Siemens](<https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf>)\n * [Uniflow](<https://www.uniflow.global/en/security/security-and-maintenance/#security_advisory_8>)\n * [Yanzi Networks](<https://yanzi.dev/#/security/advisories/2020-12-08>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n * Use an internal DNS server that performs DNS-over-HTTPS for lookups.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities. 
\n\n## Contact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n", "published": "2020-12-08T00:00:00", "modified": "2020-12-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.us-cert.gov/ics/advisories/icsa-20-343-01", 
"reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://www.cisa.gov/uscert", "https://www.cisa.gov", "https://www.cisa.gov/ics", "https://cwe.mitre.org/data/definitions/835.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13984", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/190.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13985", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/835.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13986", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13987", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "https://cwe.mitre.org/data/definitions/190.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13988", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/787.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17437", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "https://cwe.mitre.org/data/definitions/787.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17438", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", 
"https://cwe.mitre.org/data/definitions/20.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17439", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", "https://cwe.mitre.org/data/definitions/170.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17440", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/20.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17441", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/190.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17442", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/190.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17443", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "https://cwe.mitre.org/data/definitions/190.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17444", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17445", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17467", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17468", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17469", 
"https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/20.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17470", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24334", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24335", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24336", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://cwe.mitre.org/data/definitions/835.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24337", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/787.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24338", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24339", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24340", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24341", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", 
"https://cwe.mitre.org/data/definitions/170.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24383", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25107", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/787.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25108", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25109", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "https://cwe.mitre.org/data/definitions/125.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25110", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "https://cwe.mitre.org/data/definitions/787.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25111", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://cwe.mitre.org/data/definitions/787.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25112", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://github.com/butok/FNET/releases/tag/v4.7.0", "https://github.com/contiki-ng/contiki-ng", "https://github.com/open-iscsi/open-iscsi", "http://www.ethernut.de/en/download/index.html", "https://www.devolo.de/fileadmin/Web-Content/DE/support/security/dSA201101-uIP_Stack-Security_Advisory.pdf", "https://www.emuag.ch/support/vulnerability/emu-sec20201201/", "http://www.feig.de/service/cybersecurity/2020-12-08-01_SecurityAdvisory.pdf", "https://resources.genetec.com/security-advisories/vulnerabilities-affecting-the-sharpx-sharpxs-and-sharpz3", 
"https://harting.sharefile.eu/share/view/45b5ca131e574842/fod2c891-c568-4690-becd-988867bf4dfb", "https://hensoldt-cyber.com/notifications/amnesia-33/", "https://www.microchip.com/design-centers/wireless-connectivity/software-vulnerability-response/amnesia-network-stack-vulnerability", "https://en.nanotec.com/products/manual/N5_ECAT_EN?cHash=1b11e7dd4167bdbb93ee8d41de847565%20and%20https://en.nanotec.com/products/manual/N5_CAN_EN?cHash=57c3a0ea453f7c3bc9f2f33e93929599", "https://www.uniflow.global/en/security/security-and-maintenance/#security_advisory_8", "https://tagmaster.com/wp-content/uploads/2020/12/1120-213-Security-Advisory-NuttX-TCP-IP-vulnerabilities.pdf", "https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf", "https://www.uniflow.global/en/security/security-and-maintenance/#security_advisory_8", "https://yanzi.dev/#/security/advisories/2020-12-08", "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01", "https://us-cert.cisa.gov/ics/recommended-practices", "https://us-cert.cisa.gov/ics", "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://us-cert.cisa.gov/ics", "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.dhs.gov/privacy-policy", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.dhs.gov/freedom-information-act-foia", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plain-writing-dhs", "https://www.dhs.gov/plug-information", "https://www.oig.dhs.gov/", "https://www.whitehouse.gov/", "https://www.usa.gov/", "https://www.dhs.gov/"], "cvelist": ["CVE-2020-13984", "CVE-2020-13985", "CVE-2020-13986", "CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437", "CVE-2020-17438", "CVE-2020-17439", "CVE-2020-17440", "CVE-2020-17441", "CVE-2020-17442", "CVE-2020-17443", "CVE-2020-17444", 
"CVE-2020-17445", "CVE-2020-17467", "CVE-2020-17468", "CVE-2020-17469", "CVE-2020-17470", "CVE-2020-24334", "CVE-2020-24335", "CVE-2020-24336", "CVE-2020-24337", "CVE-2020-24338", "CVE-2020-24339", "CVE-2020-24340", "CVE-2020-24341", "CVE-2020-24383", "CVE-2020-25107", "CVE-2020-25108", "CVE-2020-25109", "CVE-2020-25110", "CVE-2020-25111", "CVE-2020-25112"], "immutableFields": [], "lastseen": "2022-04-26T21:49:04", "viewCount": 43, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:D06E04AB-0FFE-4CE4-A29C-24BC05F6E804"]}, {"type": "cert", "idList": ["VU:815128"]}, {"type": "cve", "idList": ["CVE-2020-13984", "CVE-2020-13985", "CVE-2020-13986", "CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437", "CVE-2020-17438", "CVE-2020-17439", "CVE-2020-17440", "CVE-2020-17441", "CVE-2020-17442", "CVE-2020-17443", "CVE-2020-17444", "CVE-2020-17445", "CVE-2020-17467", "CVE-2020-17468", "CVE-2020-17469", "CVE-2020-17470", "CVE-2020-24334", "CVE-2020-24335", "CVE-2020-24336", "CVE-2020-24337", "CVE-2020-24338", "CVE-2020-24339", "CVE-2020-24340", "CVE-2020-24341", "CVE-2020-24383", "CVE-2020-25107", "CVE-2020-25108", "CVE-2020-25109", "CVE-2020-25110", "CVE-2020-25111", "CVE-2020-25112"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13987", "DEBIANCVE:CVE-2020-13988", "DEBIANCVE:CVE-2020-17437"]}, {"type": "ics", "idList": ["ICSA-20-343-05", "ICSA-21-068-06"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1012.NASL", "EULEROS_SA-2021-1031.NASL", "EULEROS_SA-2021-1076.NASL", "EULEROS_SA-2021-1307.NASL", "EULEROS_SA-2021-1377.NASL", "EULEROS_SA-2021-1437.NASL", "EULEROS_SA-2021-1438.NASL", "EULEROS_SA-2021-1485.NASL", "EULEROS_SA-2021-1617.NASL", "EULEROS_SA-2021-1639.NASL", "EULEROS_SA-2021-1683.NASL", "EULEROS_SA-2021-1718.NASL", "EULEROS_SA-2021-1762.NASL", "EULEROS_SA-2021-1932.NASL", "EULEROS_SA-2021-1953.NASL", "EULEROS_SA-2021-2138.NASL", "SUSE_SU-2021-0663-1.NASL", "SUSE_SU-2021-1164-1.NASL"]}, {"type": "redhatcve", "idList": 
["RH:CVE-2020-13987", "RH:CVE-2020-13988", "RH:CVE-2020-17437"]}, {"type": "thn", "idList": ["THN:812B2C8E4446362B541FFE932E10CC78"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-13987", "UB:CVE-2020-13988", "UB:CVE-2020-17437", "UB:CVE-2020-17438", "UB:CVE-2020-24335"]}, {"type": "veracode", "idList": ["VERACODE:28815", "VERACODE:28816", "VERACODE:28817"]}]}, "score": {"value": 2.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:D06E04AB-0FFE-4CE4-A29C-24BC05F6E804"]}, {"type": "cert", "idList": ["VU:815128"]}, {"type": "cve", "idList": ["CVE-2020-13984", "CVE-2020-13985", "CVE-2020-13986", "CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437", "CVE-2020-17438", "CVE-2020-17439", "CVE-2020-17440", "CVE-2020-17441", "CVE-2020-17442", "CVE-2020-17443", "CVE-2020-17444", "CVE-2020-17445", "CVE-2020-17467", "CVE-2020-17468", "CVE-2020-17469", "CVE-2020-17470", "CVE-2020-24334", "CVE-2020-24336", "CVE-2020-24337", "CVE-2020-24338", "CVE-2020-24339", "CVE-2020-24340", "CVE-2020-24341", "CVE-2020-24383", "CVE-2020-25107", "CVE-2020-25108", "CVE-2020-25109", "CVE-2020-25110", "CVE-2020-25111", "CVE-2020-25112"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-13987", "DEBIANCVE:CVE-2020-13988", "DEBIANCVE:CVE-2020-17437"]}, {"type": "ics", "idList": ["ICSA-13-011-01", "ICSA-13-149-01"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2020-17437/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-17437/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-17437/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP9-CVE-2020-17438/", "MSF:ILITIES/SUSE-CVE-2020-17437/", "MSF:ILITIES/SUSE-CVE-2020-17438/"]}, {"type": "nessus", "idList": ["EULEROS_SA-2021-1012.NASL", "EULEROS_SA-2021-1031.NASL", "EULEROS_SA-2021-2138.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-13987", "RH:CVE-2020-13988", "RH:CVE-2020-17437"]}, {"type": "thn", "idList": ["THN:812B2C8E4446362B541FFE932E10CC78"]}, {"type": "threatpost", "idList": 
["THREATPOST:134A95E2E7432DE5E6F46316E469C55B", "THREATPOST:75B109B5B464EBEE349E710C31FA89E1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-13987", "UB:CVE-2020-13988"]}]}, "exploitation": null, "vulnersScore": 2.0}, "_state": {"dependencies": 1660012827, "score": 1659890495}, "_internal": {"score_hash": "df6c69feac93b01a56f369cb35b6c2a5"}}
{"cert": [{"lastseen": "2022-02-01T00:00:00", "description": "### Overview\n\nMultiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057, and under the name [AMNESIA:33](<https://www.forescout.com/research-labs/amnesia33/>).\n\n### Description\n\nEmbedded TCP/IP stacks provide essential network communication capability using TCP/IP networking to many lightweight operating systems adopted by IoT and other embedded devices. These software stacks can also be used in the latest technologies such as [Edge Computing](<https://en.wikipedia.org/wiki/Edge_computing>). The following embedded TCP/IP stacks were discovered to have 33 memory-related vulnerabilities included in this advisory:\n\n * uIP: <https://github.com/adamdunkels/uip>\n * Contiki-OS and Contiki-NG: <https://www.contiki-ng.org/>\n * PicoTCP and PicoTCP-NG: <http://picotcp.altran.be>\n * FNET: <http://fnet.sourceforge.net/>\n * Nut/OS: <http://www.ethernut.de/en/software/>\n\nThese networking software stacks can be integrated in various ways, including compiled from source, modified and integrated, and linked as dynamic or static libraries, allowing for a wide variety of implementations. As an example, projects such as [Apache NuttX](<https://nuttx.apache.org>) and [open-iscsi](<https://www.open-iscsi.com>) have adopted common libraries and software modules, thus inheriting some of these vulnerabilities with varying levels of impact. 
The diversity of implementations and the lack of supply chain visibility have made it difficult to accurately assess the impact, usage, and potential exploitability of these vulnerabilities.\n\nIn general, most of these vulnerabilities are caused by [memory management bugs](<https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152142>), commonly seen in lightweight software implementations in Real Time Operating Systems (RTOS) and IoT devices. For technical details on these vulnerabilities, see the [Forescout advisory](<https://www.forescout.com/amnesia33>). Because there is little visibility into where this software is used, Forescout has released an open source version of [Detector](<https://github.com/Forescout/project-memoria-detector>) that can be used to identify potentially vulnerable software.\n\n### Impact\n\nThe impact of these vulnerabilities varies widely due to the combination of build and runtime options customized when these stacks are included in embedded devices. In summary, a remote, unauthenticated attacker may be able to use specially crafted network packets to cause the vulnerable device to behave in unexpected ways such as a failure (denial of service), disclosure of private information, or execution of arbitrary code.\n\n### Solution\n\n#### Apply updates\n\nUpdate to the latest stable version of the affected embedded TCP/IP software that addresses these recently disclosed vulnerabilities. If you have adopted this software from an upstream provider, contact the provider to get appropriate updates that need to be integrated into your software. 
Concerned end-users of IoT and embedded devices that implement these vulnerable TCP/IP software stacks should contact their vendor or the closest reseller to obtain appropriate updates.\n\n#### Follow best practices\n\nWe recommend that you follow best practices when connecting IoT or embedded devices to a network:\n\n * Avoid exposing IoT and embedded devices directly to the Internet and use a segmented network zone when available.\n * Enable security features such as deep-packet inspection and firewall anomaly detection when available to protect embedded and IoT devices.\n * Ensure secure defaults are adopted and disable unused features and services on your embedded devices.\n * Regularly update firmware to the latest stable version provided by the vendor to ensure your device is up to date.\n\n### Acknowledgements\n\nJos Wetzels, Stanislav Dashevskyi, Amine Amri and Daniel dos Santos of [Forescout Technologies](<https://www.forescout.com/>) researched and reported these vulnerabilities. 
\n\nThis document was written by Vijay Sarvepalli.\n\n### Vendor Information\n\n815128\n\n### Cyanconnode AB __ Affected\n\nNotified: 2020-12-09 Updated: 2020-12-09\n\n**Statement Date: December 08, 2020**\n\n**CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Affected \n**CVE-2020-13986**| Affected \n**CVE-2020-13987**| Affected \n**CVE-2020-13988**| Affected \n**CVE-2020-17437**| Affected \n**CVE-2020-17438**| Affected \n**CVE-2020-17439**| Affected \n**CVE-2020-17440**| Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected \n**CVE-2020-25108**| Not Affected \n**CVE-2020-25109**| Not Affected \n**CVE-2020-25110**| Not Affected \n**CVE-2020-25111**| Not Affected \n**CVE-2020-25112**| Not Affected \n**CVE-2021-28362**| Not Affected \n \n#### Vendor Statement\n\nCyanconnode is aware of multiple security vulnerabilities in the uIP stack - commonly referred to as \"AMNESIA:33\". The Cyan Technology IDE, CyanIDE, was distributed with uIP v1.0. The final release of CyanIDE before it reached end-of-life was v2.4.0 in 2014. Therefore, we deem the exploitation of our product a low risk. 
Patches won't be provided since the affected product is end-of-life.\n\n### FNet __ Affected\n\nNotified: 2020-08-24 Updated: 2021-02-16\n\n**Statement Date: February 16, 2021**\n\n**CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Not Affected \n**CVE-2020-13986**| Not Affected \n**CVE-2020-13987**| Not Affected \n**CVE-2020-13988**| Not Affected \n**CVE-2020-17437**| Not Affected \n**CVE-2020-17438**| Not Affected \n**CVE-2020-17439**| Not Affected \n**CVE-2020-17440**| Not Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Affected \n**CVE-2020-17468**| Affected \n**CVE-2020-17469**| Affected \n**CVE-2020-17470**| Affected \n**CVE-2020-24334**| Not Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Not Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected \n**CVE-2020-25108**| Not Affected \n**CVE-2020-25109**| Not Affected \n**CVE-2020-25110**| Not Affected \n**CVE-2020-25111**| Not Affected \n**CVE-2020-25112**| Not Affected \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nAll mentioned vulnerabilities were solved in previous FNET v4.7.0 release.\n\n#### References\n\n * <https://github.com/butok/FNET>\n * <https://github.com/butok/FNET/releases/tag/v4.7.1>\n\n#### CERT Addendum\n\nFNET has their latest repository at Github https://github.com/butok/FNET/ Their latest release is 4.7.1 linked in the References.\n\n### Microchip Technology __ Affected\n\nNotified: 2020-08-28 Updated: 2020-12-08\n\n**Statement Date: December 02, 2020**\n\n**CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Affected 
\n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Not Affected \n**CVE-2020-17439**| Affected \n**CVE-2020-17440**| Affected \n**CVE-2020-17441**| Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Affected \n**CVE-2020-24334**| Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nMicrochip is aware of a TCP/IP security vulnerability known as Amnesia:33. Microchip takes security issues seriously and is currently working to mitigate the issues and provide solutions for our clients. We have determined that some CVEs affect some of our networking products. 
For details on impacted products and resolution plans, visit below URL.\n\n#### References\n\n * <https://www.microchip.com/design-centers/wireless-connectivity/software-vulnerability-response/amnesia-network-stack-vulnerability>\n\n### Netgear Affected\n\nNotified: 2020-08-21 Updated: 2021-03-23\n\n**Statement Date: March 19, 2021**\n\n**CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Not Affected \n**CVE-2020-13986**| Not Affected \n**CVE-2020-13987**| Affected \n**CVE-2020-13988**| Not Affected \n**CVE-2020-17437**| Not Affected \n**CVE-2020-17438**| Not Affected \n**CVE-2020-17439**| Not Affected \n**CVE-2020-17440**| Not Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Not Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Not Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected \n**CVE-2020-25108**| Not Affected \n**CVE-2020-25109**| Not Affected \n**CVE-2020-25110**| Not Affected \n**CVE-2020-25111**| Not Affected \n**CVE-2020-25112**| Not Affected \n**CVE-2021-28362**| Not Affected \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### SUSE Linux __ Affected\n\nNotified: 2020-09-15 Updated: 2020-12-14\n\n**Statement Date: December 14, 2020**\n\n**CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Not Affected \n**CVE-2020-13986**| Not Affected \n**CVE-2020-13987**| Affected \n**Vendor Statement:** \nour open-iscsi package is affected by this uIP issue \n**CVE-2020-13988**| Affected \n**Vendor 
Statement:** \nOur open-iscsi package be affected by this issue. \n**CVE-2020-17437**| Affected \n**Vendor Statement:** \nour open-iscsi package is affected by this issue. \n**CVE-2020-17438**| Affected \n**Vendor Statement:** \nour open-iscsi package is affected by this issue. \n**CVE-2020-17439**| Not Affected \n**CVE-2020-17440**| Not Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Not Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Not Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected \n**CVE-2020-25108**| Not Affected \n**CVE-2020-25109**| Not Affected \n**CVE-2020-25110**| Not Affected \n**CVE-2020-25111**| Not Affected \n**CVE-2020-25112**| Not Affected \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nThe Linux Kernel TCP/IP stack used by SUSE Linux Enterprise and openSUSE is not affected by the listed vulnerabilities.\n\nSUSE ships open-iscsi, which embeds a version of the uIP IP stack, which is affected by some of the vulnerabilities, and will provide fixes.\n\n#### References\n\n * <https://www.suse.com/c/suse-statement-on-amnesia33-vulnerabilities/>\n\n### Siemens __ Affected\n\nNotified: 2020-10-28 Updated: 2021-03-23\n\n**Statement Date: March 18, 2021**\n\n**CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Not Affected \n**CVE-2020-13986**| Not Affected \n**CVE-2020-13987**| Affected \n**CVE-2020-13988**| Affected \n**CVE-2020-17437**| Affected \n**CVE-2020-17438**| Not Affected \n**CVE-2020-17439**| Not Affected 
\n**CVE-2020-17440**| Not Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Not Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Not Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected \n**CVE-2020-25108**| Not Affected \n**CVE-2020-25109**| Not Affected \n**CVE-2020-25110**| Not Affected \n**CVE-2020-25111**| Not Affected \n**CVE-2020-25112**| Not Affected \n**CVE-2021-28362**| Not Affected \n \n#### Vendor Statement\n\nSiemens is aware of the security vulnerabilities in several TCP/IP stacks, also named \u201cAMNESIA:33\u201d and disclosed on 2020-12-08. 
The impact to Siemens products is described in the Security Advisories SSA-541017, published on 2020-12-08 and SSA-541018, published on 2021-03-09 on the Siemens ProductCERT page (https://www.siemens.com/cert/advisories).\n\n#### References\n\n * <https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf>\n * <https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf>\n\n### Weinert Automation __ Affected\n\nNotified: 2020-12-09 Updated: 2020-12-09\n\n**Statement Date: December 08, 2020**\n\n**CVE-2020-13984**| Affected \n---|--- \n**CVE-2020-13985**| Affected \n**CVE-2020-13986**| Affected \n**CVE-2020-13987**| Affected \n**CVE-2020-13988**| Affected \n**CVE-2020-17437**| Affected \n**CVE-2020-17438**| Affected \n**CVE-2020-17439**| Affected \n**CVE-2020-17440**| Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected \n**CVE-2020-25108**| Not Affected \n**CVE-2020-25109**| Not Affected \n**CVE-2020-25110**| Not Affected \n**CVE-2020-25111**| Not Affected \n**CVE-2020-25112**| Not Affected \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWeinert-automation is aware of multiple security vulnerabilities in the uIP stack - commonly referred to as \"AMNESIA:33\". The stack was used in weAut_01 (software weAutSys) which was discontinued in 2012 and is verifiably not in use anymore. Therefore, we deem the exploitation of our product a low risk. 
Patches won't be provided since the product is end-of-life.\n\n### iscsi __ Affected\n\nNotified: 2020-09-15 Updated: 2020-12-21 **CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Not Affected \n**CVE-2020-13986**| Not Affected \n**CVE-2020-13987**| Affected \n**CVE-2020-13988**| Not Affected \n**CVE-2020-17437**| Not Affected \n**CVE-2020-17438**| Not Affected \n**CVE-2020-17439**| Not Affected \n**CVE-2020-17440**| Not Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Not Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Not Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected \n**CVE-2020-25108**| Not Affected \n**CVE-2020-25109**| Not Affected \n**CVE-2020-25110**| Not Affected \n**CVE-2020-25111**| Not Affected \n**CVE-2020-25112**| Not Affected \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n#### CERT Addendum\n\nhttps://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp\n\n### ARM mbed TLS Not Affected\n\nNotified: 2020-08-24 Updated: 2020-12-08\n\n**Statement Date: September 24, 2020**\n\n**CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Not Affected \n**CVE-2020-13986**| Not Affected \n**CVE-2020-13987**| Not Affected \n**CVE-2020-13988**| Not Affected \n**CVE-2020-17437**| Not Affected \n**CVE-2020-17438**| Not Affected \n**CVE-2020-17439**| Not Affected \n**CVE-2020-17440**| Not Affected \n**CVE-2020-17441**| Not Affected 
\n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Not Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Not Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### AVM GmbH Not Affected\n\nNotified: 2021-02-04 Updated: 2021-03-23\n\n**Statement Date: March 22, 2021**\n\n**CVE-2020-13984**| Not Affected \n---|--- \n**CVE-2020-13985**| Not Affected \n**CVE-2020-13986**| Not Affected \n**CVE-2020-13987**| Not Affected \n**CVE-2020-13988**| Not Affected \n**CVE-2020-17437**| Not Affected \n**CVE-2020-17438**| Not Affected \n**CVE-2020-17439**| Not Affected \n**CVE-2020-17440**| Not Affected \n**CVE-2020-17441**| Not Affected \n**CVE-2020-17442**| Not Affected \n**CVE-2020-17443**| Not Affected \n**CVE-2020-17444**| Not Affected \n**CVE-2020-17445**| Not Affected \n**CVE-2020-17467**| Not Affected \n**CVE-2020-17468**| Not Affected \n**CVE-2020-17469**| Not Affected \n**CVE-2020-17470**| Not Affected \n**CVE-2020-24334**| Not Affected \n**CVE-2020-24335**| Not Affected \n**CVE-2020-24336**| Not Affected \n**CVE-2020-24337**| Not Affected \n**CVE-2020-24338**| Not Affected \n**CVE-2020-24339**| Not Affected \n**CVE-2020-24340**| Not Affected \n**CVE-2020-24341**| Not Affected \n**CVE-2020-24383**| Not Affected \n**CVE-2020-25107**| Not Affected 
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Not Affected

#### Vendor Statement

We have not received a statement from the vendor.

### Abbott Labs Not Affected

Notified: 2020-12-02 Updated: 2020-12-08

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

#### CERT Addendum

Statement provided by Abbott labs available at ICS-CERT advisory

### Afero Not Affected

Notified: 2020-08-24 Updated: 2020-12-08

**Statement Date: December 07, 2020**

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Arista Networks Inc. Not Affected

Notified: 2020-08-24 Updated: 2020-12-08

**Statement Date: December 07, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

Arista Networks does not use the affected software in any of its product lines.

### B. Braun Not Affected

Notified: 2020-12-09 Updated: 2021-01-06

**Statement Date: January 06, 2021**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

#### References

 * <https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html>

### Barracuda Networks Not Affected

Notified: 2020-08-25 Updated: 2020-12-08

**Statement Date: September 16, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

Barracuda does not use these libraries in any of our products.

### Belden Not Affected

Notified: 2020-08-20 Updated: 2021-03-23

**Statement Date: March 22, 2021**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Not Affected

#### Vendor Statement

Belden devices do not contain the vulnerable software and are not affected by this vulnerability.

### Blackberry QNX Not Affected

Notified: 2020-08-26 Updated: 2020-12-08

**Statement Date: September 21, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Brocade Communication Systems Not Affected

Notified: 2020-08-26 Updated: 2021-03-23

**Statement Date: March 18, 2021**

**CVE-2020-13984**| Not Affected
---|---
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-13985**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-13986**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-13987**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-13988**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17437**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17438**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17439**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17440**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17441**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17442**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17443**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17444**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17445**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17467**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17468**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17469**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-17470**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24334**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24335**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24336**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24337**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24338**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24339**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24340**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24341**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-24383**| Not Affected
**Vendor Statement:**
No Brocade Fibre Channel Products from Broadcom are currently known to be affected by this vulnerability.
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Not Affected

### Ceragon Networks Inc Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

**Statement Date: December 08, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

Not affected by this case

### Check Point Not Affected

Notified: 2020-12-23 Updated: 2021-03-23

**Statement Date: March 21, 2021**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Not Affected

#### Vendor Statement

Check Point is not affected by these vulnerabilities.

### Cisco Not Affected

Notified: 2020-08-20 Updated: 2021-03-23

**Statement Date: March 22, 2021**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Not Affected

#### Vendor Statement

We have not received a statement from the vendor.

### Dell SecureWorks Not Affected

Notified: 2020-08-31 Updated: 2020-12-14

**Statement Date: December 11, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Digi International Not Affected

Notified: 2020-08-20 Updated: 2020-12-14

**Statement Date: December 09, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

We do not use any of the affected stacks in our products. https://www.digi.com/resources/security

### Espressif Systems Not Affected

Notified: 2020-09-09 Updated: 2021-01-13

**Statement Date: January 12, 2021**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

Espressif ESP8266 SDKs and ESP-IDF (SDK for ESP32 and ESP32-S2) both use the TCP/IP library lwIP, therefore are not affected by these vulnerabilities.

### F5 Networks Inc. Not Affected

Notified: 2020-08-21 Updated: 2020-12-08

**Statement Date: December 08, 2020**

**CVE-2020-13984**| Not Affected
---|---
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-13985**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-13986**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-13987**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-13988**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17437**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17438**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17439**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17440**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17441**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17442**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17443**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17444**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17445**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17467**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17468**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17469**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-17470**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24334**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24335**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24336**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24337**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24338**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24339**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24340**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24341**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-24383**| Not Affected
**Vendor Statement:**
F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

F5 firmware (BIOS, LOP, BMC, LCD) does not use these products.

### Fastly Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

**Statement Date: December 07, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Fitbit Not Affected

Notified: 2020-12-02 Updated: 2020-12-08

**Statement Date: December 07, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

Based on our review, we can confirm that Fitbit is not affected by the "Amnesia" IoT TCP/IP stack vulnerabilities identified by the team at Forescout Technologies.

#### CERT Addendum

Fitbit statement was provided to ICS-CERT

### Fujitsu Not Affected

Notified: 2020-09-09 Updated: 2020-12-16

**Statement Date: December 16, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Google Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

**Statement Date: September 25, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### HCC Not Affected

Notified: 2020-09-09 Updated: 2020-12-08

**Statement Date: December 08, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445**| Not Affected
**CVE-2020-17467**| Not Affected
**CVE-2020-17468**| Not Affected
**CVE-2020-17469**| Not Affected
**CVE-2020-17470**| Not Affected
**CVE-2020-24334**| Not Affected
**CVE-2020-24335**| Not Affected
**CVE-2020-24336**| Not Affected
**CVE-2020-24337**| Not Affected
**CVE-2020-24338**| Not Affected
**CVE-2020-24339**| Not Affected
**CVE-2020-24340**| Not Affected
**CVE-2020-24341**| Not Affected
**CVE-2020-24383**| Not Affected
**CVE-2020-25107**| Not Affected
**CVE-2020-25108**| Not Affected
**CVE-2020-25109**| Not Affected
**CVE-2020-25110**| Not Affected
**CVE-2020-25111**| Not Affected
**CVE-2020-25112**| Not Affected
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Infoblox Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

**Statement Date: September 16, 2020**

**CVE-2020-13984**| Not Affected
---|---
**CVE-2020-13985**| Not Affected
**CVE-2020-13986**| Not Affected
**CVE-2020-13987**| Not Affected
**CVE-2020-13988**| Not Affected
**CVE-2020-17437**| Not Affected
**CVE-2020-17438**| Not Affected
**CVE-2020-17439**| Not Affected
**CVE-2020-17440**| Not Affected
**CVE-2020-17441**| Not Affected
**CVE-2020-17442**| Not Affected
**CVE-2020-17443**| Not Affected
**CVE-2020-17444**| Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

Our products have none of the embedded software listed in this case.

### Intel Not Affected

Notified: 2020-08-20 Updated: 2021-01-11

**Statement Date: January 11, 2021**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Juniper Networks Not Affected

Notified: 2020-08-20 Updated: 2020-12-08

**Statement Date: September 02, 2020**

**CVE-2020-13984** | Not Affected
---|---
**Vendor Statement:** Juniper Networks products do not use Contiki-OS, thus we are not affected.
**CVE-2020-13985** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Contiki-OS, thus we are not affected.
**CVE-2020-13986** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Contiki-OS, thus we are not affected.
**CVE-2020-13987** | Not Affected
**Vendor Statement:** Juniper Networks products do not use uIP, thus we are not affected.
**CVE-2020-13988** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Contiki-OS, thus we are not affected.
**CVE-2020-17437** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Contiki-OS, thus we are not affected.
**CVE-2020-17438** | Not Affected
**Vendor Statement:** Juniper Networks products do not use uIP, thus we are not affected.
**CVE-2020-17439** | Not Affected
**Vendor Statement:** Juniper Networks products do not use uIP, thus we are not affected.
**CVE-2020-17440** | Not Affected
**Vendor Statement:** Juniper Networks products do not use uIP, thus we are not affected.
**CVE-2020-17441** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
**CVE-2020-17442** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
**CVE-2020-17443** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
**CVE-2020-17444** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP and PicoTCP-NG, thus we are not affected.
**CVE-2020-17445** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
**CVE-2020-17467** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Fnet, thus we are not affected.
**CVE-2020-17468** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Fnet, thus we are not affected.
**CVE-2020-17469** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Fnet, thus we are not affected.
**CVE-2020-17470** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Fnet, thus we are not affected.
**CVE-2020-24334** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Contiki-OS, thus we are not affected.
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Contiki-OS, thus we are not affected.
**CVE-2020-24337** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
**CVE-2020-24341** | Not Affected
**Vendor Statement:** Juniper Networks products do not use PicoTCP nor PicoTCP-NG, thus we are not affected.
**CVE-2020-24383** | Not Affected
**Vendor Statement:** Juniper Networks products do not use Fnet, thus we are not affected.
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

### Miredo Not Affected

Notified: 2020-08-28 Updated: 2021-01-28

**Statement Date: January 19, 2021**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Unknown

#### Vendor Statement

miredo uses adhoc code for ICMPv6; is not involved with DNS.

### Nokia Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

**Statement Date: September 03, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Rockwell Automation Not Affected

Notified: 2020-08-25 Updated: 2021-05-11

**Statement Date: April 13, 2021**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Not Affected

#### Vendor Statement

We have not received a statement from the vendor.

### Securepoint GmbH Not Affected

Notified: 2020-12-15 Updated: 2021-03-23

**Statement Date: March 19, 2021**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Not Affected

#### Vendor Statement

We have not received a statement from the vendor.

### Sophos Not Affected

Notified: 2020-09-07 Updated: 2020-12-21

**Statement Date: December 21, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Unknown

#### Vendor Statement

Sophos products and services are not impacted by these vulnerabilities.

### VMware Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

**Statement Date: September 14, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

VMware is not affected by these issues directly.

### VMware Carbon Black Not Affected

Notified: 2020-08-28 Updated: 2020-12-08

**Statement Date: September 09, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Wind River Not Affected

Notified: 2020-08-25 Updated: 2020-12-08

**Statement Date: October 14, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Xilinx Not Affected

Notified: 2020-08-25 Updated: 2020-12-08

**Statement Date: September 11, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

Xilinx is not affected by these vulnerabilities.

#### References

 * <https://www.xilinx.com/support/service-portal/security.html>

### Zebra Technologies Not Affected

Notified: 2020-08-28 Updated: 2021-01-28

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Zephyr Project Not Affected

Notified: 2020-09-07 Updated: 2020-12-08

**Statement Date: October 05, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

The affected code is not used in the Zephyr TCP implementation.

### Zyxel Not Affected

Notified: 2020-08-21 Updated: 2020-12-09

**Statement Date: December 09, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Unknown

#### Vendor Statement

Zyxel is NOT affected because our products don't make use of these TCP/IP software

### dd-wrt Not Affected

Notified: 2020-12-02 Updated: 2020-12-08

**Statement Date: December 08, 2020**

**CVE-2020-13984** | Not Affected
---|---
**CVE-2020-13985** | Not Affected
**CVE-2020-13986** | Not Affected
**CVE-2020-13987** | Not Affected
**CVE-2020-13988** | Not Affected
**CVE-2020-17437** | Not Affected
**CVE-2020-17438** | Not Affected
**CVE-2020-17439** | Not Affected
**CVE-2020-17440** | Not Affected
**CVE-2020-17441** | Not Affected
**CVE-2020-17442** | Not Affected
**CVE-2020-17443** | Not Affected
**CVE-2020-17444** | Not Affected
**CVE-2020-17445** | Not Affected
**CVE-2020-17467** | Not Affected
**CVE-2020-17468** | Not Affected
**CVE-2020-17469** | Not Affected
**CVE-2020-17470** | Not Affected
**CVE-2020-24334** | Not Affected
**CVE-2020-24335** | Not Affected
**CVE-2020-24336** | Not Affected
**CVE-2020-24337** | Not Affected
**CVE-2020-24338** | Not Affected
**CVE-2020-24339** | Not Affected
**CVE-2020-24340** | Not Affected
**CVE-2020-24341** | Not Affected
**CVE-2020-24383** | Not Affected
**CVE-2020-25107** | Not Affected
**CVE-2020-25108** | Not Affected
**CVE-2020-25109** | Not Affected
**CVE-2020-25110** | Not Affected
**CVE-2020-25111** | Not Affected
**CVE-2020-25112** | Not Affected
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Alcatel-Lucent Enterprise Unknown

Notified: 2020-08-24 Updated: 2021-05-11

**Statement Date: April 06, 2021**

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Texas Instruments Unknown

Notified: 2020-12-02 Updated: 2021-03-15

**Statement Date: January 21, 2021**

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

#### CERT Addendum

Please visit the Texas Instruments PSIRT announcement on AMNESIA:33 vulnerabilities: <https://www.ti.com/lit/ml/sszo001/sszo001.pdf?ts=1615806156409>

### m0n0wall Unknown

Notified: 2020-09-07 Updated: 2020-12-17

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

#### CERT Addendum

Note that m0n0wall is end-of-life: <http://forum.m0n0.ch/forum/topic,6369.0.html> <https://m0n0.ch/wall/mailinglist.php>

The administrator of this software, Manuel Kasper, recommends you move to OPNsense.

### ADATA Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ANTlabs Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Actelis Networks Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Aerohive Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107** | Unknown
**CVE-2020-25108** | Unknown
**CVE-2020-25109** | Unknown
**CVE-2020-25110** | Unknown
**CVE-2020-25111** | Unknown
**CVE-2020-25112** | Unknown
**CVE-2021-28362** | Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### AhnLab Inc Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984** | Unknown
---|---
**CVE-2020-13985** | Unknown
**CVE-2020-13986** | Unknown
**CVE-2020-13987** | Unknown
**CVE-2020-13988** | Unknown
**CVE-2020-17437** | Unknown
**CVE-2020-17438** | Unknown
**CVE-2020-17439** | Unknown
**CVE-2020-17440** | Unknown
**CVE-2020-17441** | Unknown
**CVE-2020-17442** | Unknown
**CVE-2020-17443** | Unknown
**CVE-2020-17444** | Unknown
**CVE-2020-17445** | Unknown
**CVE-2020-17467** | Unknown
**CVE-2020-17468** | Unknown
**CVE-2020-17469** | Unknown
**CVE-2020-17470** | Unknown
**CVE-2020-24334** | Unknown
**CVE-2020-24335** | Unknown
**CVE-2020-24336** | Unknown
**CVE-2020-24337** | Unknown
**CVE-2020-24338** | Unknown
**CVE-2020-24339** | Unknown
**CVE-2020-24340** | Unknown
**CVE-2020-24341** | Unknown
**CVE-2020-24383** | Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Akamai Technologies Inc. Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Allied Telesis Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Altran Intelligent Systems Unknown

Notified: 2020-08-20 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Apache Software Foundation Unknown

Notified: 2020-11-02 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Aruba Networks Unknown

Notified: 2020-10-02 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Atheros Communications Inc Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Avaya Inc. Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Belkin Inc. Unknown

Notified: 2020-08-26 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Bell Canada Enterprises Unknown

Notified: 2020-08-26 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Blunk Microsystems Unknown

Notified: 2020-08-26 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### BoringSSL Unknown

Notified: 2020-08-26 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Broadcom Unknown

Notified: 2020-08-26 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### CERT-UBIK Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### CMX Systems Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cambium Networks Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Canon Unknown

Notified: 2020-12-02 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### CareStream Unknown

Notified: 2020-08-20 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cesanta Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cirpack Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Commscope Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Contiki OS Unknown

Notified: 2020-08-24 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cricket Wireless Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Cypress Semiconductor Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### D-Link Systems Inc. Unknown

Notified: 2020-08-20 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Dell Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Dell EMC Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Deutsche Telekom Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Devicescape Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Diebold Election Systems Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ENEA Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### EfficientIP Unknown

Notified: 2020-08-31 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Egnite Unknown

Notified: 2020-09-16 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ericsson Unknown

Notified: 2020-08-21 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Extreme Networks Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Force10 Networks Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Foundry Brocade Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### FreeBSD Project Unknown

Notified: 2020-08-25 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### FreeRTOS Unknown

Notified: 2020-08-25 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### GFI Software Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Grandstream Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Green Hills Software Unknown

Notified: 2020-08-25 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### HP Inc. Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Hewlett Packard Enterprise Unknown

Notified: 2020-08-25 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Hitachi Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Honeywell Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Huawei Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IBM Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IBM Corporation (zseries) Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IBM Numa-Q Division (Formerly Sequent) Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### ICASI Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### INTEROP Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### IP Infusion Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### InfoExpress Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Inmarsat Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Kwikset Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LG Electronics Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LITE-ON Technology Corporation Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Lantronix Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Lenovo Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LibreSSL Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### LiteSpeed Technologies Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Lynx Software Technologies Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Marvell Semiconductor Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### MediaTek Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Medtronic Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Metaswitch Networks Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Micrium Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Microsoft Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Monroe Electronics Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Motorola Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Muonics Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NEC Corporation Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NETSCOUT Unknown

Notified: 2020-08-28 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NetBSD Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### NetBurner Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OleumTech Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OpenConnect Ltd Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### OpenSSL Unknown

Notified: 2020-09-09 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Oracle Corporation Unknown

Notified: 2020-08-20 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Oryx Embedded Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Paessler Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Palo Alto Networks Unknown

Notified: 2020-08-20 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Panasonic Unknown

Notified: 2020-08-21 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Philips Electronics Unknown

Notified: 2020-09-07 Updated: 2020-12-08

**CVE-2020-13984**| Unknown
---|---
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Proxim Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Pulse Secure Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### QLogic Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### QNAP Unknown

Notified: 2020-10-08 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Quadros Systems Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Qualcomm Unknown

Notified: 2020-08-25 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Riverbed Technologies Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Roku Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ruijie Networks Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SEIKO EPSON Corp. / Epson America Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SafeNet Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Samsung Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Samsung Semiconductor Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Schneider Electric Unknown

Notified: 2020-12-08 Updated: 2020-12-09

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Siemens Nixdorf AG Unknown

Notified: 2020-10-26 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Sierra Wireless Unknown

Notified: 2020-12-10 Updated: 2020-12-14

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SmoothWall Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### SonicWall Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Sonos Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Systech Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TCPWave Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TP-LINK Unknown

Notified: 2020-12-10 Updated: 2020-12-14

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Tenable Network Security Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### TippingPoint Technologies Inc. Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Tizen Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Toshiba Commerce Solutions Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Ubuntu Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
**CVE-2020-24336**| Unknown
**CVE-2020-24337**| Unknown
**CVE-2020-24338**| Unknown
**CVE-2020-24339**| Unknown
**CVE-2020-24340**| Unknown
**CVE-2020-24341**| Unknown
**CVE-2020-24383**| Unknown
**CVE-2020-25107**| Unknown
**CVE-2020-25108**| Unknown
**CVE-2020-25109**| Unknown
**CVE-2020-25110**| Unknown
**CVE-2020-25111**| Unknown
**CVE-2020-25112**| Unknown
**CVE-2021-28362**| Unknown

#### Vendor Statement

We have not received a statement from the vendor.

### Untangle Unknown

Notified: 2020-09-07 Updated: 2020-12-08

CVE| Status
---|---
**CVE-2020-13984**| Unknown
**CVE-2020-13985**| Unknown
**CVE-2020-13986**| Unknown
**CVE-2020-13987**| Unknown
**CVE-2020-13988**| Unknown
**CVE-2020-17437**| Unknown
**CVE-2020-17438**| Unknown
**CVE-2020-17439**| Unknown
**CVE-2020-17440**| Unknown
**CVE-2020-17441**| Unknown
**CVE-2020-17442**| Unknown
**CVE-2020-17443**| Unknown
**CVE-2020-17444**| Unknown
**CVE-2020-17445**| Unknown
**CVE-2020-17467**| Unknown
**CVE-2020-17468**| Unknown
**CVE-2020-17469**| Unknown
**CVE-2020-17470**| Unknown
**CVE-2020-24334**| Unknown
**CVE-2020-24335**| Unknown
\n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vertical Networks Inc. Unknown\n\nNotified: 2020-09-07 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown \n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown \n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### WizNET Technology Unknown\n\nNotified: 2020-09-07 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown 
\n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown \n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Xerox Unknown\n\nNotified: 2020-12-02 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown \n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown \n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor 
Statement\n\nWe have not received a statement from the vendor.\n\n### Yamaha Corporation Unknown\n\nNotified: 2020-12-02 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown \n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown \n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### ZTE Corporation Unknown\n\nNotified: 2020-09-07 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown \n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown \n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown 
\n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmp Unknown\n\nNotified: 2020-09-07 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown \n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown \n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### netsnmpj Unknown\n\nNotified: 2020-09-07 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown \n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown 
\n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### wolfSSL Unknown\n\nNotified: 2020-09-07 Updated: 2020-12-08 **CVE-2020-13984**| Unknown \n---|--- \n**CVE-2020-13985**| Unknown \n**CVE-2020-13986**| Unknown \n**CVE-2020-13987**| Unknown \n**CVE-2020-13988**| Unknown \n**CVE-2020-17437**| Unknown \n**CVE-2020-17438**| Unknown \n**CVE-2020-17439**| Unknown \n**CVE-2020-17440**| Unknown \n**CVE-2020-17441**| Unknown \n**CVE-2020-17442**| Unknown \n**CVE-2020-17443**| Unknown \n**CVE-2020-17444**| Unknown \n**CVE-2020-17445**| Unknown \n**CVE-2020-17467**| Unknown \n**CVE-2020-17468**| Unknown \n**CVE-2020-17469**| Unknown \n**CVE-2020-17470**| Unknown \n**CVE-2020-24334**| Unknown \n**CVE-2020-24335**| Unknown \n**CVE-2020-24336**| Unknown \n**CVE-2020-24337**| Unknown \n**CVE-2020-24338**| Unknown \n**CVE-2020-24339**| Unknown \n**CVE-2020-24340**| Unknown \n**CVE-2020-24341**| Unknown \n**CVE-2020-24383**| Unknown \n**CVE-2020-25107**| Unknown \n**CVE-2020-25108**| Unknown \n**CVE-2020-25109**| Unknown \n**CVE-2020-25110**| Unknown \n**CVE-2020-25111**| Unknown \n**CVE-2020-25112**| Unknown \n**CVE-2021-28362**| Unknown \n \n#### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n
### References\n\n * <https://www.forescout.com/amnesia33>\n * <https://us-cert.cisa.gov/ics/advisories/ICSA-20-343-01>\n * <https://www.iotsecurityfoundation.org/securing-the-embedded-iot-world/>\n * <https://krebsonsecurity.com/2018/01/some-basic-rules-for-securing-your-iot-stuff/>\n * <https://skelia.com/articles/iot-security-why-your-toaster-needs-a-firewall/>\n\n### Other Information\n\n**CVE IDs:** | [CVE-2020-13984 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-13984>) [CVE-2020-13985 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-13985>) [CVE-2020-13986 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-13986>) [CVE-2020-13987 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-13987>) [CVE-2020-13988 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-13988>) [CVE-2020-17437 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17437>) [CVE-2020-17438 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17438>) [CVE-2020-17439 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17439>) [CVE-2020-17440 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17440>) [CVE-2020-17441 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17441>) [CVE-2020-17442 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17442>) [CVE-2020-17443 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17443>) [CVE-2020-17444 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17444>) [CVE-2020-17445 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17445>) [CVE-2020-17467 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17467>) [CVE-2020-17468 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17468>) [CVE-2020-17469 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17469>) [CVE-2020-17470 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-17470>) [CVE-2020-24334 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24334>) [CVE-2020-24335 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24335>) [CVE-2020-24336 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24336>) [CVE-2020-24337 
](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24337>) [CVE-2020-24338 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24338>) [CVE-2020-24339 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24339>) [CVE-2020-24340 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24340>) [CVE-2020-24341 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24341>) [CVE-2020-24383 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-24383>) [CVE-2020-25107 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25107>) [CVE-2020-25108 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25108>) [CVE-2020-25109 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25109>) [CVE-2020-25110 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25110>) [CVE-2020-25111 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25111>) [CVE-2020-25112 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2020-25112>) [CVE-2021-28362 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2021-28362>) \n---|--- \n**Date Public:** | 2020-12-08 \n**Date First Published:** | 2020-12-08 \n**Date Last Updated: ** | 2021-05-11 15:55 UTC \n**Document Revision: ** | 17 \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "cert", "title": "Embedded TCP/IP stacks have memory corruption vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13984", "CVE-2020-13985", "CVE-2020-13986", "CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437", "CVE-2020-17438", "CVE-2020-17439", "CVE-2020-17440", "CVE-2020-17441", "CVE-2020-17442", "CVE-2020-17443", "CVE-2020-17444", "CVE-2020-17445", "CVE-2020-17467", "CVE-2020-17468", "CVE-2020-17469", "CVE-2020-17470", "CVE-2020-24334", "CVE-2020-24335", "CVE-2020-24336", "CVE-2020-24337", "CVE-2020-24338", "CVE-2020-24339", "CVE-2020-24340", "CVE-2020-24341", "CVE-2020-24383", "CVE-2020-25107", "CVE-2020-25108", "CVE-2020-25109", "CVE-2020-25110", "CVE-2020-25111", "CVE-2020-25112", "CVE-2021-28362"], "modified": "2021-05-11T15:55:00", "id": "VU:815128", "href": "https://www.kb.cert.org/vuls/id/815128", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2021-10-28T01:54:23", "description": "[Amnesia:33](<https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/>) is a group of 33 vulnerabilities in open-source TCP/IP stack libraries. The vulnerabilities may be present in a wide range of operational technology, IoT, and connected device implementations.\n\n \n**Recent assessments:** \n \n**ccondon-r7** at December 08, 2020 9:05pm UTC reported:\n\nSorta relying here on the fact that memory corruption vulns are difficult to weaponize or even trigger reliably, and it sounds like there will be lots of different implementations of the vulnerable libraries, so uniform attack surface area is going to be scarce. Rapid7\u2019s IoT research lead noted as well that TCP stack issues like this may well require the attacker to be on same subnet, and it\u2019s unlikely that upstream routers would accept unexpected/malformed packets. 
There\u2019ll be lots of fragmented vendor advisories trickling out in bits, I\u2019d expect. There may be more detail out on which to base assessments later this week.\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 2Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "attackerkb", "title": "Amnesia:33", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24336", "CVE-2020-24338", "CVE-2020-25111", "CVE-2020-25112"], "modified": "2020-12-08T00:00:00", "id": "AKB:D06E04AB-0FFE-4CE4-A29C-24BC05F6E804", "href": "https://attackerkb.com/topics/UBfm95fV8w/amnesia-33/rapid7-analysis", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-07-12T14:51:00", "description": "This update for open-iscsi fixes the following issues :\n\nCVE-2020-17437: uIP Out-of-Bounds Write (bsc#1179908)\n\nCVE-2020-17438: uIP Out-of-Bounds Write (bsc#1179908)\n\nCVE-2020-13987: uIP Out-of-Bounds Read (bsc#1179908)\n\nCVE-2020-13988: uIP Integer Overflow (bsc#1179908)\n\nEnabled no-wait ('-W') iscsiadm option for iscsi 
login service (bsc#1173886, bsc#1183421)\n\nAdded the ability to perform async logins (bsc#1173886)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : open-iscsi (SUSE-SU-2021:1164-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437", "CVE-2020-17438"], "modified": "2021-04-16T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:iscsiuio:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:iscsiuio-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libopeniscsiusr0_2_0:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libopeniscsiusr0_2_0-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:open-iscsi:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:open-iscsi-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:open-iscsi-debugsource:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:open-iscsi-devel:*:*:*:*:*:*:*"], "id": "SUSE_SU-2021-1164-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148504", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1164-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148504);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/16\");\n\n script_cve_id(\"CVE-2020-13987\", \"CVE-2020-13988\", \"CVE-2020-17437\", \"CVE-2020-17438\");\n\n script_name(english:\"SUSE SLES15 Security Update : open-iscsi 
(SUSE-SU-2021:1164-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for open-iscsi fixes the following issues :\n\nCVE-2020-17437: uIP Out-of-Bounds Write (bsc#1179908)\n\nCVE-2020-17438: uIP Out-of-Bounds Write (bsc#1179908)\n\nCVE-2020-13987: uIP Out-of-Bounds Read (bsc#1179908)\n\nCVE-2020-13988: uIP Integer Overflow (bsc#1179908)\n\nEnabled no-wait ('-W') iscsiadm option for iscsi login service\n(bsc#1173886, bsc#1183421)\n\nAdded the ability to perform async logins (bsc#1173886)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13987/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13988/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-17437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-17438/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211164-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8459214\"\n );\n 
script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1164=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1164=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1164=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1164=1\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1164=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1164=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1164=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-1164=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-1164=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1164=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1164=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1164=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1164=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1164=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-1164=1\n\nSUSE CaaS 
Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:iscsiuio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:iscsiuio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopeniscsiusr0_2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopeniscsiusr0_2_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-iscsi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-iscsi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"iscsiuio-0.7.8.2-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"iscsiuio-debuginfo-0.7.8.2-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopeniscsiusr0_2_0-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"open-iscsi-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"open-iscsi-debuginfo-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"open-iscsi-debugsource-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"open-iscsi-devel-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"open-iscsi-debuginfo-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"open-iscsi-debugsource-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"iscsiuio-0.7.8.2-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"iscsiuio-debuginfo-0.7.8.2-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopeniscsiusr0_2_0-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"libopeniscsiusr0_2_0-debuginfo-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"open-iscsi-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"open-iscsi-debuginfo-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"open-iscsi-debugsource-2.0.876-13.42.1\")) 
flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"open-iscsi-devel-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"open-iscsi-debuginfo-2.0.876-13.42.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"open-iscsi-debugsource-2.0.876-13.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-13T00:31:25", "description": "This update for open-iscsi fixes the following issues :\n\nFixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 and CVE-2020-13988 (bsc#1179908) :\n\ncheck for TCP urgent pointer past end of frame\n\ncheck for u8 overflow when processing TCP options\n\ncheck for header length underflow during checksum calculation\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : open-iscsi (SUSE-SU-2021:0663-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-17437", "CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437", "CVE-2020-17438"], "modified": "2021-03-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:iscsiuio", "p-cpe:/a:novell:suse_linux:iscsiuio-debuginfo", "p-cpe:/a:novell:suse_linux:libopeniscsiusr0_2_0", "p-cpe:/a:novell:suse_linux:libopeniscsiusr0_2_0-debuginfo", "p-cpe:/a:novell:suse_linux:open-iscsi", "p-cpe:/a:novell:suse_linux:open-iscsi-debuginfo", "p-cpe:/a:novell:suse_linux:open-iscsi-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0663-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146944", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0663-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146944);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/04\");\n\n script_cve_id(\"CVE-2019-17437\", \"CVE-2020-13987\", \"CVE-2020-13988\", \"CVE-2020-17437\", \"CVE-2020-17438\");\n\n script_name(english:\"SUSE SLES12 Security Update : open-iscsi (SUSE-SU-2021:0663-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for open-iscsi fixes the following issues :\n\nFixes for CVE-2019-17437, CVE-2020-17438, CVE-2020-13987 
and\nCVE-2020-13988 (bsc#1179908) :\n\ncheck for TCP urgent pointer past end of frame\n\ncheck for u8 overflow when processing TCP options\n\ncheck for header length underflow during checksum calculation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13987/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-13988/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-17437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-17438/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210663-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a53f165d\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-663=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-663=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-663=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-663=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-663=1\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:iscsiuio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:iscsiuio-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopeniscsiusr0_2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopeniscsiusr0_2_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-iscsi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:open-iscsi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"iscsiuio-0.7.8.2-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"iscsiuio-debuginfo-0.7.8.2-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopeniscsiusr0_2_0-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libopeniscsiusr0_2_0-debuginfo-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"open-iscsi-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"open-iscsi-debuginfo-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"open-iscsi-debugsource-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"iscsiuio-0.7.8.2-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"iscsiuio-debuginfo-0.7.8.2-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopeniscsiusr0_2_0-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libopeniscsiusr0_2_0-debuginfo-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"open-iscsi-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"open-iscsi-debuginfo-2.0.876-12.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"open-iscsi-debugsource-2.0.876-12.27.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-09T15:01:42", "description": "According to 
the versions of the open-iscsi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer.\n However, the length of this offset is not checked therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1012)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:open-iscsi", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1012.NASL", "href": "https://www.tenable.com/plugins/nessus/144661", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144661);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-13987\",\n \"CVE-2020-13988\",\n \"CVE-2020-17437\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1012)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the open-iscsi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. 
When the Urgent flag is set in\n a TCP packet, and the stack is configured to ignore the\n urgent data, the stack attempts to use the value of the\n Urgent pointer bytes to separate the Urgent data from\n the normal data, by calculating the offset at which the\n normal data should be present in the global buffer.\n However, the length of this offset is not checked\n therefore, for large values of the Urgent pointer\n bytes, the data pointer can point to memory that is way\n beyond the data buffer in uip_process in\n uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An\n Integer Overflow exists in the uIP TCP/IP Stack\n component when parsing TCP MSS options of IPv4 network\n packets in uip_process in\n net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An\n Out-of-Bounds Read vulnerability exists in the uIP\n TCP/IP Stack component when calculating the checksums\n for IP packets in upper_layer_chksum in\n net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1012\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?25720d27\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected open-iscsi packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"open-iscsi-2.0.876-21.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-10T16:03:54", "description": "According to the versions of the iscsi-initiator-utils packages installed, the EulerOS 
installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.(CVE-2020-13987)\n\n - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer.\n However, the length of this offset is not checked therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.(CVE-2020-17437)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : iscsi-initiator-utils (EulerOS-SA-2021-1307)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:iscsi-initiator-utils", "p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1307.NASL", "href": "https://www.tenable.com/plugins/nessus/146704", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146704);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2020-13987\",\n \"CVE-2020-13988\",\n \"CVE-2020-17437\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : iscsi-initiator-utils (EulerOS-SA-2021-1307)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the iscsi-initiator-utils packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in Contiki through 3.0. An\n Out-of-Bounds Read vulnerability exists in the uIP\n TCP/IP Stack component when calculating the checksums\n for IP packets in upper_layer_chksum in\n net/ipv4/uip.c.(CVE-2020-13987)\n\n - An issue was discovered in Contiki through 3.0. 
An\n Integer Overflow exists in the uIP TCP/IP Stack\n component when parsing TCP MSS options of IPv4 network\n packets in uip_process in\n net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. When the Urgent flag is set in\n a TCP packet, and the stack is configured to ignore the\n urgent data, the stack attempts to use the value of the\n Urgent pointer bytes to separate the Urgent data from\n the normal data, by calculating the offset at which the\n normal data should be present in the global buffer.\n However, the length of this offset is not checked\n therefore, for large values of the Urgent pointer\n bytes, the data pointer can point to memory that is way\n beyond the data buffer in uip_process in\n uip.c.(CVE-2020-17437)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1307\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dadf6fed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected iscsi-initiator-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"iscsi-initiator-utils-6.2.0.873-33.2.h10\",\n 
\"iscsi-initiator-utils-iscsiuio-6.2.0.873-33.2.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-10T16:00:42", "description": "According to the versions of the iscsi-initiator-utils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.(CVE-2020-13987)\n\n - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer.\n However, the length of this offset is not checked therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.(CVE-2020-17437)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : iscsi-initiator-utils (EulerOS-SA-2021-1076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:iscsi-initiator-utils", "p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1076.NASL", "href": "https://www.tenable.com/plugins/nessus/145098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145098);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2020-13987\",\n \"CVE-2020-13988\",\n \"CVE-2020-17437\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : iscsi-initiator-utils (EulerOS-SA-2021-1076)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the iscsi-initiator-utils packages\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in Contiki through 3.0. An\n Out-of-Bounds Read vulnerability exists in the uIP\n TCP/IP Stack component when calculating the checksums\n for IP packets in upper_layer_chksum in\n net/ipv4/uip.c.(CVE-2020-13987)\n\n - An issue was discovered in Contiki through 3.0. 
An\n Integer Overflow exists in the uIP TCP/IP Stack\n component when parsing TCP MSS options of IPv4 network\n packets in uip_process in\n net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. When the Urgent flag is set in\n a TCP packet, and the stack is configured to ignore the\n urgent data, the stack attempts to use the value of the\n Urgent pointer bytes to separate the Urgent data from\n the normal data, by calculating the offset at which the\n normal data should be present in the global buffer.\n However, the length of this offset is not checked\n therefore, for large values of the Urgent pointer\n bytes, the data pointer can point to memory that is way\n beyond the data buffer in uip_process in\n uip.c.(CVE-2020-17437)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1076\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e55e65c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected iscsi-initiator-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"iscsi-initiator-utils-6.2.0.873-33.2.h28\",\n 
\"iscsi-initiator-utils-iscsiuio-6.2.0.873-33.2.h28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-10T16:00:42", "description": "According to the versions of the open-iscsi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer.\n However, the length of this offset is not checked therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : open-iscsi (EulerOS-SA-2021-1639)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:open-iscsi", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1639.NASL", "href": "https://www.tenable.com/plugins/nessus/147664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147664);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-13987\",\n \"CVE-2020-13988\",\n \"CVE-2020-17437\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : open-iscsi (EulerOS-SA-2021-1639)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the open-iscsi package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. 
When the Urgent flag is set in\n a TCP packet, and the stack is configured to ignore the\n urgent data, the stack attempts to use the value of the\n Urgent pointer bytes to separate the Urgent data from\n the normal data, by calculating the offset at which the\n normal data should be present in the global buffer.\n However, the length of this offset is not checked\n therefore, for large values of the Urgent pointer\n bytes, the data pointer can point to memory that is way\n beyond the data buffer in uip_process in\n uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An\n Integer Overflow exists in the uIP TCP/IP Stack\n component when parsing TCP MSS options of IPv4 network\n packets in uip_process in\n net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An\n Out-of-Bounds Read vulnerability exists in the uIP\n TCP/IP Stack component when calculating the checksums\n for IP packets in upper_layer_chksum in\n net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1639\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eee7f4c7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected open-iscsi packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"open-iscsi-2.0.876-21.h8.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-10T16:09:56", "description": "According to the versions of the iscsi-initiator-utils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. 
When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer.\n However, the length of this offset is not checked therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : iscsi-initiator-utils (EulerOS-SA-2021-1437)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:iscsi-initiator-utils", "p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-1437.NASL", "href": "https://www.tenable.com/plugins/nessus/147465", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147465);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-13987\",\n \"CVE-2020-13988\",\n \"CVE-2020-17437\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : iscsi-initiator-utils (EulerOS-SA-2021-1437)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the iscsi-initiator-utils packages\ninstalled, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. 
When the Urgent flag is set in\n a TCP packet, and the stack is configured to ignore the\n urgent data, the stack attempts to use the value of the\n Urgent pointer bytes to separate the Urgent data from\n the normal data, by calculating the offset at which the\n normal data should be present in the global buffer.\n However, the length of this offset is not checked\n therefore, for large values of the Urgent pointer\n bytes, the data pointer can point to memory that is way\n beyond the data buffer in uip_process in\n uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An\n Integer Overflow exists in the uIP TCP/IP Stack\n component when parsing TCP MSS options of IPv4 network\n packets in uip_process in\n net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An\n Out-of-Bounds Read vulnerability exists in the uIP\n TCP/IP Stack component when calculating the checksums\n for IP packets in upper_layer_chksum in\n net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1437\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6784f59\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected iscsi-initiator-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"iscsi-initiator-utils-6.2.0.874-8.h14.eulerosv2r7\",\n \"iscsi-initiator-utils-iscsiuio-6.2.0.874-8.h14.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-10T16:05:42", "description": "According to the versions of the iscsi-initiator-utils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. 
When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer.\n However, the length of this offset is not checked therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : iscsi-initiator-utils (EulerOS-SA-2021-1485)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-13987", "CVE-2020-13988", "CVE-2020-17437"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:iscsi-initiator-utils", "p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-1485.NASL", "href": "https://www.tenable.com/plugins/nessus/147441", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147441);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-13987\",\n \"CVE-2020-13988\",\n \"CVE-2020-17437\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : iscsi-initiator-utils (EulerOS-SA-2021-1485)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the iscsi-initiator-utils packages\ninstalled, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. 
When the Urgent flag is set in\n a TCP packet, and the stack is configured to ignore the\n urgent data, the stack attempts to use the value of the\n Urgent pointer bytes to separate the Urgent data from\n the normal data, by calculating the offset at which the\n normal data should be present in the global buffer.\n However, the length of this offset is not checked\n therefore, for large values of the Urgent pointer\n bytes, the data pointer can point to memory that is way\n beyond the data buffer in uip_process in\n uip.c.(CVE-2020-17437)\n\n - An issue was discovered in Contiki through 3.0. An\n Integer Overflow exists in the uIP TCP/IP Stack\n component when parsing TCP MSS options of IPv4 network\n packets in uip_process in\n net/ipv4/uip.c.(CVE-2020-13988)\n\n - An issue was discovered in Contiki through 3.0. An\n Out-of-Bounds Read vulnerability exists in the uIP\n TCP/IP Stack component when calculating the checksums\n for IP packets in upper_layer_chksum in\n net/ipv4/uip.c.(CVE-2020-13987)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1485\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d5b69ba\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected iscsi-initiator-utils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:iscsi-initiator-utils-iscsiuio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"iscsi-initiator-utils-6.2.0.874-8.h14.eulerosv2r7\",\n \"iscsi-initiator-utils-iscsiuio-6.2.0.874-8.h14.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"iscsi-initiator-utils\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-09-28T11:53:35", "description": "According to the version of the open-iscsi package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. 
The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1953)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-17438"], "modified": "2021-06-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:open-iscsi", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1953.NASL", "href": "https://www.tenable.com/plugins/nessus/150209", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150209);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2020-17438\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1953)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the version of the open-iscsi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. The code that reassembles\n fragmented packets fails to properly validate the total\n length of an incoming packet specified in its IP\n header, as well as the fragmentation offset value\n specified in the IP header. By crafting a packet with\n specific values of the IP header length and the\n fragmentation offset, attackers can write into the .bss\n section of the program (past the statically allocated\n buffer that is used for storing the fragmented data)\n and cause a denial of service in uip_reass() in uip.c,\n or possibly execute arbitrary code on some target\n architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1953\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?817c6130\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected open-iscsi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"open-iscsi-2.0.876-21.h15.eulerosv2r9\"];\n\nforeach 
(pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-28T11:53:53", "description": "According to the version of the open-iscsi package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1932)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-17438"], "modified": "2021-06-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:open-iscsi", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1932.NASL", "href": "https://www.tenable.com/plugins/nessus/150224", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150224);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2020-17438\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : open-iscsi (EulerOS-SA-2021-1932)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the open-iscsi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. The code that reassembles\n fragmented packets fails to properly validate the total\n length of an incoming packet specified in its IP\n header, as well as the fragmentation offset value\n specified in the IP header. 
By crafting a packet with\n specific values of the IP header length and the\n fragmentation offset, attackers can write into the .bss\n section of the program (past the statically allocated\n buffer that is used for storing the fragmented data)\n and cause a denial of service in uip_reass() in uip.c,\n or possibly execute arbitrary code on some target\n architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1932\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00774b10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected open-iscsi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"open-iscsi-2.0.876-21.h15.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-28T11:57:14", 
"description": "According to the version of the open-iscsi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : open-iscsi (EulerOS-SA-2021-1762)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-17438"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:open-iscsi", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1762.NASL", "href": "https://www.tenable.com/plugins/nessus/148640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148640);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-17438\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : 
open-iscsi (EulerOS-SA-2021-1762)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the open-iscsi package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. The code that reassembles\n fragmented packets fails to properly validate the total\n length of an incoming packet specified in its IP\n header, as well as the fragmentation offset value\n specified in the IP header. By crafting a packet with\n specific values of the IP header length and the\n fragmentation offset, attackers can write into the .bss\n section of the program (past the statically allocated\n buffer that is used for storing the fragmented data)\n and cause a denial of service in uip_reass() in uip.c,\n or possibly execute arbitrary code on some target\n architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1762\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f39852d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected open-iscsi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"open-iscsi-2.0.876-21.h15.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-28T11:57:00", "description": "According to the version of the open-iscsi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. 
The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : open-iscsi (EulerOS-SA-2021-1718)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-17438"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:open-iscsi", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1718.NASL", "href": "https://www.tenable.com/plugins/nessus/148620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148620);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2020-17438\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : open-iscsi (EulerOS-SA-2021-1718)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the version of the open-iscsi package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - An issue was discovered in uIP 1.0, as used in Contiki\n 3.0 and other products. The code that reassembles\n fragmented packets fails to properly validate the total\n length of an incoming packet specified in its IP\n header, as well as the fragmentation offset value\n specified in the IP header. By crafting a packet with\n specific values of the IP header length and the\n fragmentation offset, attackers can write into the .bss\n section of the program (past the statically allocated\n buffer that is used for storing the fragmented data)\n and cause a denial of service in uip_reass() in uip.c,\n or possibly execute arbitrary code on some target\n architectures.(CVE-2020-17438)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1718\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2148b5e1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected open-iscsi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:open-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"open-iscsi-2.0.876-21.h15.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"open-iscsi\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:57:17", "description": "According to the versions of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. 
This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product:\n AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338(CVE-2019-2201)\n\n - libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.(CVE-2017-15232)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : libjpeg-turbo (EulerOS-SA-2021-1438)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-15232", "CVE-2019-2201", "CVE-2020-13987"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libjpeg-turbo", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-1438.NASL", "href": "https://www.tenable.com/plugins/nessus/147569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147569);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2019-2201\",\n \"CVE-2020-13987\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : libjpeg-turbo (EulerOS-SA-2021-1438)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libjpeg-turbo package 
installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - In generate_jsimd_ycc_rgb_convert_neon of\n jsimd_arm64_neon.S, there is a possible out of bounds\n write due to a missing bounds check. This could lead to\n remote code execution in an unprivileged process with\n no additional execution privileges needed. User\n interaction is needed for exploitation.Product:\n AndroidVersions: Android-8.0 Android-8.1 Android-9\n Android-10Android ID: A-120551338(CVE-2019-2201)\n\n - libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in\n jdpostct.c and jquant1.c via a crafted JPEG\n file.(CVE-2017-15232)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?979490cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libjpeg-turbo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libjpeg-turbo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libjpeg-turbo-1.2.90-6.h9.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjpeg-turbo\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:38:42", "description": 
"[](<https://thehackernews.com/images/-wmhhLqsmP70/X9CdE443IiI/AAAAAAAABNA/_rti_SS4BkoWeh8I0g7GiKTZGzH1f7n4QCLcBGAsYHQ/s0/iot-hack.jpg>)\n\nCybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system.\n\nCollectively called \"[AMNESIA:33](<https://www.forescout.com/research-labs/amnesia33/>)\" by Forescout researchers, it is a set of 33 vulnerabilities that impact four open-source TCP/IP protocol stacks \u2014 uIP, FNET, picoTCP, and Nut/Net \u2014 that are commonly used in Internet-of-Things (IoT) and embedded devices.\n\nAs a consequence of improper memory management, [successful exploitation](<https://kb.cert.org/vuls/id/815128>) of these flaws could cause memory corruption, allowing attackers to compromise devices, execute malicious code, perform denial-of-service (DoS) attacks, steal sensitive information, and even poison DNS cache.\n\nIn the real world, these attacks could play out in various ways: disrupting the functioning of a power station to result in a blackout or taking smoke alarm and temperature monitor systems offline by using any of the DoS vulnerabilities.\n\nThe flaws, which will be detailed today at the [Black Hat Europe Security Conference](<https://www.blackhat.com/eu-20/briefings/schedule/index.html#how-embedded-tcpip-stacks-breed-critical-vulnerabilities-21503>), were discovered as part of Forescout's Project Memoria initiative to study the security of TCP/IP stacks.\n\n[](<https://thehackernews.com/images/-MEwJ7pVxyWs/X9CaX-0BcuI/AAAAAAAABMs/i407DFI0niYEMuWAiPHTc7lFa1enTZCxgCLcBGAsYHQ/s0/iot-devices.jpg>)\n\nThe development has prompted the CISA ICS-CERT to issue a [security advisory](<https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01>) in an attempt to provide early notice of the reported vulnerabilities 
and identify baseline preventive measures for mitigating risks associated with the flaws.\n\nMillions of devices from an estimated 158 vendors are vulnerable to AMNESIA:33, with the possibility of remote code execution allowing an adversary to take complete control of a device, and using it as an entry point on a network of IoT devices to laterally move, establish persistence, and co-opt the compromised systems into botnets without their knowledge.\n\n\"AMNESIA:33 affects multiple open source TCP/IP stacks that are not owned by a single company,\" the researchers [said](<https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/>). \"This means that a single vulnerability tends to spread easily and silently across multiple codebases, development teams, companies and products, which presents significant challenges to patch management.\"\n\nBecause these vulnerabilities span a complex IoT supply chain, Forescout cautioned that it is as challenging to determine which devices are affected as it is to eradicate them.\n\nLike the [Urgent/11](<https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html>) and [Ripple20](<https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html>) flaws that were disclosed in recent times, AMNESIA:33 stems from [out-of-bounds writes](<https://cwe.mitre.org/data/definitions/787.html>), [overflow flaws](<https://cwe.mitre.org/data/definitions/190.html>), or a [lack of input validation](<https://cwe.mitre.org/data/definitions/20.html>), leading to memory corruption and enabling an attacker to put devices into infinite loops, poison DNS caches, and extract arbitrary data.\n\nThree of the most severe issues reside in uIP (CVE-2020-24336), picoTCP (CVE-2020-24338), and Nut/Net (CVE-2020-25111), all of which are remote code execution (RCE) flaws and have a CVSS score of 9.8 out of a maximum of 10.\n\n * **CVE-2020-24336** \\- The code for parsing 
DNS records in DNS response packets sent over NAT64 does not validate the length field of the response records, allowing attackers to corrupt memory.\n * **CVE-2020-24338** \\- The function that parses domain names lacks bounds checks, allowing attackers to corrupt memory with crafted DNS packets.\n * **CVE-2020-25111** \\- A heap buffer overflow occurring during the processing of the name field of a DNS response resource record, allowing an attacker to corrupt adjacent memory by writing an arbitrary number of bytes to an allocated buffer.\n\nAs of writing, vendors such as [Microchip Technology](<https://www.microchip.com/design-centers/wireless-connectivity/software-vulnerability-response/amnesia-network-stack-vulnerability>) and [Siemens](<https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf>) that have been affected by the reported vulnerabilities have also released security advisories.\n\n\"Embedded systems, such as IoT and [operational technology] devices, tend to have long vulnerability lifespans resulting from a combination of patching issues, long support lifecycles and vulnerabilities 'trickling down' highly complex and opaque supply chains,\" Forescout said.\n\n\"As a result, vulnerabilities in embedded TCP/IP stacks have the potential to affect millions \u2013 even billions \u2013 of devices across verticals and tend to remain a problem for a very long time.\"\n\nBesides urging organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures, CISA has recommended minimizing network exposure, isolating control system networks and remote devices behind firewalls, and using Virtual Private Networks (VPNs) for secure remote access.\n",
"cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-09T09:50:00", "type": "thn", "title": "Amnesia:33 \u2014 Critical TCP/IP Flaws Affect Millions of IoT Devices", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24336", "CVE-2020-24338", "CVE-2020-25111"], "modified": "2020-12-10T16:36:49", "id": "THN:812B2C8E4446362B541FFE932E10CC78", "href": "https://thehackernews.com/2020/12/amnesia33-critical-tcpip-flaws-affect.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2022-04-26T21:36:38", "description": "## 1\\. 
EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low attack complexity\n * **Vendor:** Siemens\n * **Equipment:** SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200\n * **Vulnerabilities:** Out-of-bounds Read, Out-of-bounds Write\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the advisory update titled ICSA-21-068-06 Siemens TCP/IP Stack Vulnerabilities AMNESIA:33 in SENTRON PAC / 3VA Devices (Update B) that was published August 10, 2021, to the ICS webpage on us-cert.cisa.gov. \n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could cause a denial-of-service condition.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nThe following products are affected:\n\n * SENTRON 3VA COM100/800: all versions prior to v4.4.1\n * SENTRON 3VA DSP800: all versions prior to v4.0\n * SENTRON PAC2200 (with CLP Approval): all versions\n\n**\\--------- Begin Update C Part 1 of 2 ---------**\n\n * SENTRON PAC2200 (with MID Approval): all versions prior to v3.2.2\n * SENTRON PAC2200 (without MID Approval): all versions prior to v3.2.2\n * SENTRON PAC3200: all versions prior to v2.4.7 \n * SENTRON PAC3200T: all versions prior to v3.2.2\n\n**\\--------- End Update C Part 1 of 2 ---------**\n\n * SENTRON PAC3220: all versions prior to v3.2.0\n * SENTRON PAC4200: all versions prior to v2.3.0\n\n### 4.2 VULNERABILITY OVERVIEW\n\n#### 4.2.1 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>)\n\nAn attacker located in the same network could trigger a denial-of-service condition on the device by sending a specially crafted IP packet.\n\n[CVE-2020-13987](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13987>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 4.2.2 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>)\n\nAn attacker located in the same network could trigger a denial-of-service condition on the device by sending a specially crafted IP packet.\n\n[CVE-2020-17437](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17437>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 4.4 RESEARCHER\n\nDaniel dos Santos, Stanislav Dashevskyi, Jos Wetzels, and Amine Amri of Forescout Research Labs reported these vulnerabilities to CISA.\n\n## 5\\. MITIGATIONS\n\nSiemens recommends users upgrade affected products if upgrades are available: \n\n * SENTRON 3VA COM100/800: [Update to v4.4.1 or later](<https://support.industry.siemens.com/cs/ww/en/view/109765343/>).\n * SENTRON 3VA DSP800: [Update to v4.0 or later](<https://support.industry.siemens.com/cs/ww/en/view/109799046/>).\n\n**\\--------- Begin Update C Part 2 of 2 ---------**\n\n * SENTRON PAC2200 (All variants): Update to v3.2.2 or later version. 
Contact Siemens customer support to receive the latest firmware version.\n * SENTRON PAC3200: [Update to v2.4.7 or later](<https://support.industry.siemens.com/cs/ww/en/view/31674577>)\n * SENTRON PAC3200T: [Update to v3.2.2 or later version](<https://support.industry.siemens.com/cs/ww/en/view/109793060/>)\n\n**\\--------- End Update C Part 2 of 2 ---------**\n\n * SENTRON PAC3220: [Update to v3.2.0 or later](<https://support.industry.siemens.com/cs/ww/en/view/109780938/>)\n * SENTRON PAC4200: [Update to v2.3.0 or later version](<https://support.industry.siemens.com/cs/ww/en/view/35029840/>).\n\nSiemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:\n\n * For successful exploitation, an attacking system must be in the same Modbus TCP segment as a vulnerable device. Therefore, ensure only trusted systems are attached to that segment, and only trusted persons have access.\n\nAs a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to [Siemens\u2019 operational guidelines for industrial security](<https://cert-portal.siemens.com/operational-guidelines-industrial-security.pdf>) and following the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity> \nFor more information on these vulnerabilities and associated software updates, please see Siemens security advisory [SSA-541018](<https://www.siemens.com/cert/advisories>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.cisa.gov/uscert/ics/recommended-practices>) on the ICS webpage on [cisa.gov](<https://www.cisa.gov/uscert/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on cisa.gov](<https://www.cisa.gov/uscert/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>). 
\n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n## Contact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-21-068-06>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-02-10T00:00:00", "type": "ics", "title": "Siemens TCP/IP Stack Vulnerabilities\u2013AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13987", "CVE-2020-17437"], "modified": "2022-02-10T00:00:00", "id": "ICSA-21-068-06", "href": "https://www.us-cert.gov/ics/advisories/icsa-21-068-06", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-04-26T21:45:26", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low attack complexity\n * **Vendor:** Siemens\n * **Equipment:** SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC4200, SIRIUS 3RW5\n * **Vulnerability:** Integer Overflow\n\n## 2\\. UPDATE INFORMATION\n\nThis updated advisory is a follow-up to the advisory update titled ICSA-20-343-05 Siemens Embedded TCP/IP Stack Vulnerabilities\u2013AMNESIA:33 (Update B) that was published March 9, 2021, to the ICS webpage on us-cert.cisa.gov.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 4\\. 
TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nThe following products are affected:\n\n * SENTRON 3VA COM100/800: all versions prior to v4.2\n * SENTRON 3VA DSP800: all versions prior to v2.0\n * SENTRON PAC2200 (without MID Approval): all versions prior to v3.0.5\n * SENTRON PAC3200: all versions prior to v2.4.5 \n * SENTRON PAC3200T: all versions prior to v3.0.5\n * SENTRON PAC4200: all versions prior to v2.0.1\n * SIRIUS 3RW5 communication module Modbus TCP: all versions prior to v1.1.1\n\n### 4.2 VULNERABILITY OVERVIEW\n\n#### 4.2.1 [INTEGER OVERFLOW CWE-190](<https://cwe.mitre.org/data/definitions/190.html>)\n\nAn attacker located in the same network could trigger a denial-of-service condition on the device by sending a specially crafted IP packet.\n\n[CVE-2020-13988](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13988>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy\n * **COUNTRIES/AREAS DEPLOYED:** Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 4.4 RESEARCHER\n\nDaniel dos Santos, Stanislav Dashevskyi, Jos Wetzels, and Amine Amri of Forescout Research Labs reported this vulnerability to CISA.\n\n## 5\\. 
MITIGATIONS\n\nSiemens recommends users upgrade affected products if upgrades are available for those products: \n\n * SENTRON 3VA COM100/800: [Update to v4.2 or later version](<https://support.industry.siemens.com/cs/ww/en/view/109765343/>)\n * SENTRON 3VA DSP800: [Update to v2.0 or later version](<https://support.industry.siemens.com/cs/ww/en/view/109761031/>)\n * SENTRON PAC2200 (without MID Approval): [Update to v3.0.5 or later version](<https://support.industry.siemens.com/cs/ww/en/view/109760897/>)\n\n**\\--------- Begin Update C Part 1 of 1 ---------**\n\n * SENTRON PAC3200T: [Update to v3.0.5 or later version](<https://support.industry.siemens.com/cs/ww/en/view/109793060/>)\n\n**\\--------- End Update C Part 1 of 1 ---------**\n\n * SENTRON PAC3200: [Update to v2.4.5 or later version](<https://support.industry.siemens.com/cs/ww/en/view/31674577>)\n * SENTRON PAC4200: [Update to v2.0.1 or later version](<https://support.industry.siemens.com/cs/ww/en/view/31674577>)\n * SIRIUS 3RW5 communication module Modbus TCP: [Update to v1.1.1 or later version](<https://support.industry.siemens.com/cs/ww/en/view/109759671/>)\n\nAs a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to [Siemens\u2019 operational guidelines for industrial security](<https://www.siemens.com/cert/operational-guidelines-industrial-security>) and following the recommendations in the product manuals.\n\nAdditional information on industrial security by Siemens can be found at: <https://www.siemens.com/industrialsecurity>\n\nFor more information on this vulnerability and associated software updates, please see Siemens security advisory [SSA-541017](<https://www.siemens.com/cert/advisories>)\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. 
Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>). 
\n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-13T00:00:00", "type": "ics", "title": "Siemens Embedded TCP/IP Stack Vulnerabilities\u2013AMNESIA:33 (Update C)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", 
"integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13988"], "modified": "2021-04-13T00:00:00", "id": "ICSA-20-343-05", "href": "https://www.us-cert.gov/ics/advisories/icsa-20-343-05", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:00:49", "description": "An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T22:15:00", "type": "cve", "title": "CVE-2020-13986", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13986"], "modified": "2020-12-16T18:46:00", "cpe": ["cpe:/o:contiki-os:contiki:3.0"], "id": "CVE-2020-13986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13986", "cvss": {"score": 
5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:00:46", "description": "An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T22:15:00", "type": "cve", "title": "CVE-2020-13985", "cwe": ["CWE-787", "CWE-681", "CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13985"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/o:contiki-os:contiki:3.0"], "id": "CVE-2020-13985", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13985", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:00:45", "description": "An issue was discovered in Contiki through 3.0. 
An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T22:15:00", "type": "cve", "title": "CVE-2020-13984", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13984"], "modified": "2020-12-14T19:49:00", "cpe": ["cpe:/o:contiki-os:contiki:3.0"], "id": "CVE-2020-13984", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13984", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:56", "description": "An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. 
This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17444", "cwe": ["CWE-835", "CWE-20", "CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17444"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0"], "id": "CVE-2020-17444", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17444", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:57", "description": "An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. 
This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17445", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17445"], "modified": "2020-12-14T21:55:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0"], "id": "CVE-2020-17445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17445", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:40:15", "description": "An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\\0' termination. 
This may lead to successful Denial-of-Service, and possibly Remote Code Execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-25107", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25107"], "modified": "2020-12-15T01:12:00", "cpe": ["cpe:/o:ethernut:nut\\/os:5.1"], "id": "CVE-2020-25107", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25107", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:ethernut:nut\\/os:5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:40:44", "description": "An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. 
This may lead to successful Denial-of-Service, and possibly Remote Code Execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-25110", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25110"], "modified": "2020-12-15T00:54:00", "cpe": ["cpe:/o:ethernut:nut\\/os:5.1"], "id": "CVE-2020-25110", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25110", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:ethernut:nut\\/os:5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:41:27", "description": "An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. 
This may lead to successful Denial-of-Service, and possibly Remote Code Execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-25109", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25109"], "modified": "2020-12-15T01:26:00", "cpe": ["cpe:/o:ethernut:nut\\/os:5.1"], "id": "CVE-2020-25109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25109", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:ethernut:nut\\/os:5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:37", "description": "An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. 
The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24339", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24339"], "modified": "2020-12-14T21:30:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0", "cpe:/a:altran:picotcp-ng:1.7.0"], "id": "CVE-2020-24339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24339", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp-ng:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:40:48", "description": "An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. 
This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-25112", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25112"], "modified": "2020-12-14T21:18:00", "cpe": ["cpe:/o:contiki-os:contiki-os:3.0"], "id": "CVE-2020-25112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25112", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:contiki-os:contiki-os:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:54", "description": "An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. 
Therefore, a crafted extension header length value may cause Denial-of-Service because it affects the loop in which the extension headers are parsed in pico_ipv6_process_hopbyhop() in pico_ipv6.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17442", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17442"], "modified": "2020-12-14T20:08:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0"], "id": "CVE-2020-17442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17442", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:40:46", "description": "An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. 
This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-25111", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25111"], "modified": "2020-12-15T02:01:00", "cpe": ["cpe:/o:contiki-os:contiki-os:3.0"], "id": "CVE-2020-25111", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25111", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:contiki-os:contiki-os:3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:52", "description": "An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. 
This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17441", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17441"], "modified": "2020-12-14T20:12:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0"], "id": "CVE-2020-17441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17441", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:37", "description": "An issue was discovered in picoTCP through 1.7.0. 
The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24338", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24338"], "modified": "2020-12-14T21:40:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0"], "id": "CVE-2020-24338", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24338", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:41", "description": "An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. 
The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24341", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24341"], "modified": "2020-12-14T21:26:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0", "cpe:/a:altran:picotcp-ng:1.7.0"], "id": "CVE-2020-24341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24341", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp-ng:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:35", "description": "An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. 
When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24337", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24337"], "modified": "2020-12-14T21:49:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0", "cpe:/a:altran:picotcp-ng:1.7.0"], "id": "CVE-2020-24337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24337", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp-ng:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:54", "description": "An issue was discovered in picoTCP 1.7.0. The code for creating ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. 
If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo replies has an integer wrap around, leading to memory corruption and, eventually, Denial-of-Service in pico_icmp6_send_echoreply_not_frag in pico_icmp6.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17443", "cwe": ["CWE-787", "CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17443"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0"], "id": "CVE-2020-17443", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17443", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:30", "description": "The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and 
Denial-of-Service in resolv.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24334", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24334"], "modified": "2020-12-15T15:03:00", "cpe": ["cpe:/a:uip_project:uip:1.0"], "id": "CVE-2020-24334", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24334", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:39", "description": "An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. 
The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24340", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24340"], "modified": "2020-12-14T21:29:00", "cpe": ["cpe:/a:altran:picotcp:1.7.0", "cpe:/a:altran:picotcp-ng:1.7.0"], "id": "CVE-2020-24340", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24340", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:altran:picotcp-ng:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:altran:picotcp:1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:33", "description": "An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. 
Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-02T07:15:00", "type": "cve", "title": "CVE-2020-24335", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24335"], "modified": "2021-02-04T21:24:00", "cpe": ["cpe:/a:uip_project:uip:1.0"], "id": "CVE-2020-24335", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24335", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:22:34", "description": "An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. 
This bug can be exploited whenever NAT64 is enabled.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24336", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24336"], "modified": "2020-12-15T14:47:00", "cpe": ["cpe:/o:contiki-os:contiki:3.0", "cpe:/o:contiki-ng:contiki-ng:4.5"], "id": "CVE-2020-24336", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24336", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:contiki-ng:contiki-ng:4.5:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:23:27", "description": "An issue was discovered in FNET through 4.6.4. 
The code for processing resource records in mDNS queries doesn't check for proper '\\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-of-Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-24383", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24383"], "modified": "2020-12-15T02:04:00", "cpe": ["cpe:/a:fnet_project:fnet:4.6.4"], "id": "CVE-2020-24383", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24383", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:fnet_project:fnet:4.6.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:40:19", "description": "An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). 
This may lead to successful Denial-of-Service, and possibly Remote Code Execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-25108", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25108"], "modified": "2020-12-15T01:15:00", "cpe": ["cpe:/o:ethernut:nut\\/os:5.1"], "id": "CVE-2020-25108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25108", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:ethernut:nut\\/os:5.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:46", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. 
By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17438", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17438"], "modified": "2020-12-15T16:34:00", "cpe": ["cpe:/a:uip_project:uip:1.0"], "id": "CVE-2020-17438", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17438", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:52", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\\0' termination. 
This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17440", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17440"], "modified": "2020-12-15T15:06:00", "cpe": ["cpe:/a:uip_project:uip:1.0"], "id": "CVE-2020-17440", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17440", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:38:49", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. 
Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.7}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17439", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17439"], "modified": "2020-12-15T15:36:00", "cpe": ["cpe:/a:uip_project:uip:1.0"], "id": "CVE-2020-17439", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17439", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:25", "description": "An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). 
This significantly simplifies DNS cache poisoning attacks.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17470", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17470"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:fnet_project:fnet:4.6.4"], "id": "CVE-2020-17470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17470", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:fnet_project:fnet:4.6.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:21", "description": "An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. 
This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17467", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17467"], "modified": "2020-12-18T02:23:00", "cpe": ["cpe:/a:fnet_project:fnet:4.6.4"], "id": "CVE-2020-17467", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17467", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:fnet_project:fnet:4.6.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:22", "description": "An issue was discovered in FNET through 4.6.4. 
The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17468", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17468"], "modified": "2020-12-17T19:33:00", "cpe": ["cpe:/a:fnet_project:fnet:4.6.4"], "id": "CVE-2020-17468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17468", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:fnet_project:fnet:4.6.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:39:23", "description": "An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). 
When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17469", "cwe": ["CWE-824"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17469"], "modified": "2021-07-21T11:39:00", "cpe": ["cpe:/a:fnet_project:fnet:4.6.4"], "id": "CVE-2020-17469", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17469", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:fnet_project:fnet:4.6.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-08-06T08:02:53", "description": "An issue was discovered in Contiki through 3.0. 
An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T22:15:00", "type": "cve", "title": "CVE-2020-13987", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13987"], "modified": "2022-08-06T03:52:00", "cpe": ["cpe:/a:uip_project:uip:1.0", "cpe:/a:open-iscsi_project:open-iscsi:2.1.12"], "id": "CVE-2020-13987", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:open-iscsi_project:open-iscsi:2.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-08-08T16:36:11", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. 
When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-11T23:15:00", "type": "cve", "title": "CVE-2020-17437", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17437"], "modified": "2022-08-08T14:57:00", "cpe": ["cpe:/a:uip_project:uip:1.0", "cpe:/a:open-iscsi_project:open-iscsi:2.1.7", "cpe:/o:siemens:sentron_pac2200_clp_firmware:-"], "id": "CVE-2020-17437", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17437", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:open-iscsi_project:open-iscsi:2.1.7:*:*:*:*:*:*:*", 
"cpe:2.3:o:siemens:sentron_pac2200_clp_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:uip_project:uip:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:00:54", "description": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T22:15:00", "type": "cve", "title": "CVE-2020-13988", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13988"], "modified": "2020-12-16T18:44:00", "cpe": ["cpe:/o:contiki-ng:contiki-ng:3.0"], "id": "CVE-2020-13988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13988", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:contiki-ng:contiki-ng:3.0:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T13:22:38", "description": "An issue was discovered in uIP through 1.0, as used in Contiki and\nContiki-NG. 
Domain name parsing lacks bounds checks, allowing an attacker\nto corrupt memory with crafted DNS packets.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per upstream developers, open-iscsi wasn't affected by this CVE\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-02T00:00:00", "type": "ubuntucve", "title": "CVE-2020-24335", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-24335"], "modified": "2021-02-02T00:00:00", "id": "UB:CVE-2020-24335", "href": "https://ubuntu.com/security/CVE-2020-24335", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:24:22", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other\nproducts. The code that reassembles fragmented packets fails to properly\nvalidate the total length of an incoming packet specified in its IP header,\nas well as the fragmentation offset value specified in the IP header. 
By\ncrafting a packet with specific values of the IP header length and the\nfragmentation offset, attackers can write into the .bss section of the\nprogram (past the statically allocated buffer that is used for storing the\nfragmented data) and cause a denial of service in uip_reass() in uip.c, or\npossibly execute arbitrary code on some target architectures.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | aka FSCT-2020-0015 issue in embedded copy of uIP \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per upstream developers, open-iscsi wasn't affected by this CVE\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-01T00:00:00", "type": "ubuntucve", "title": "CVE-2020-17438", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17438"], "modified": "2020-12-01T00:00:00", "id": "UB:CVE-2020-17438", "href": "https://ubuntu.com/security/CVE-2020-17438", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:24:23", "description": "An issue was discovered in Contiki through 3.0. 
An Out-of-Bounds Read\nvulnerability exists in the uIP TCP/IP Stack component when calculating the\nchecksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | aka FSCT-2020-0009 issue in embedded copy of uIP \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per upstream \"iscsiuio only uses uip for network \"services\", such as DHCP, ARP, etc, and not for normal TCP/IP communications\"\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-01T00:00:00", "type": "ubuntucve", "title": "CVE-2020-13987", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13987"], "modified": "2020-12-01T00:00:00", "id": "UB:CVE-2020-13987", "href": "https://ubuntu.com/security/CVE-2020-13987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:24:23", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other\nproducts. 
When the Urgent flag is set in a TCP packet, and the stack is\nconfigured to ignore the urgent data, the stack attempts to use the value\nof the Urgent pointer bytes to separate the Urgent data from the normal\ndata, by calculating the offset at which the normal data should be present\nin the global buffer. However, the length of this offset is not checked;\ntherefore, for large values of the Urgent pointer bytes, the data pointer\ncan point to memory that is way beyond the data buffer in uip_process in\nuip.c.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | aka FSCT-2020-0018 issue in embedded copy of uIP \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per upstream \"iscsiuio only uses uip for network \"services\", such as DHCP, ARP, etc, and not for normal TCP/IP communications\"\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-01T00:00:00", "type": "ubuntucve", "title": "CVE-2020-17437", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17437"], "modified": "2020-12-01T00:00:00", "id": "UB:CVE-2020-17437", "href": 
"https://ubuntu.com/security/CVE-2020-17437", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-04T13:24:22", "description": "An issue was discovered in Contiki through 3.0. An Integer Overflow exists\nin the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4\nnetwork packets in uip_process in net/ipv4/uip.c.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | aka FSCT-2020-0008 issue in embedded copy of uIP \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | per upstream \"iscsiuio only uses uip for network \"services\", such as DHCP, ARP, etc, and not for normal TCP/IP communications\"\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-01T00:00:00", "type": "ubuntucve", "title": "CVE-2020-13988", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13988"], "modified": "2020-12-01T00:00:00", "id": "UB:CVE-2020-13988", "href": "https://ubuntu.com/security/CVE-2020-13988", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-07-30T22:54:39", "description": "An issue was 
discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T22:15:00", "type": "debiancve", "title": "CVE-2020-13987", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13987"], "modified": "2020-12-11T22:15:00", "id": "DEBIANCVE:CVE-2020-13987", "href": "https://security-tracker.debian.org/tracker/CVE-2020-13987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-30T22:54:39", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. 
However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-11T23:15:00", "type": "debiancve", "title": "CVE-2020-17437", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17437"], "modified": "2020-12-11T23:15:00", "id": "DEBIANCVE:CVE-2020-17437", "href": "https://security-tracker.debian.org/tracker/CVE-2020-17437", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-30T22:54:39", "description": "An issue was discovered in Contiki through 3.0. 
An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-11T22:15:00", "type": "debiancve", "title": "CVE-2020-13988", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13988"], "modified": "2020-12-11T22:15:00", "id": "DEBIANCVE:CVE-2020-13988", "href": "https://security-tracker.debian.org/tracker/CVE-2020-13988", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:37:27", "description": "open-iscsi is vulnerable to denial of service (DoS). 
The vulnerability exists through an Out-of-Bounds read in the uIP TCP/IP Stack component when calculating the checksums for IP packets in `upper_layer_chksum` in `net/ipv4/uip.c`.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-24T21:46:55", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13987"], "modified": "2021-03-09T17:47:26", "id": "VERACODE:28816", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28816/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-26T16:28:39", "description": "open-iscsi:sid is vulnerable to buffer overflow. The vulnerability is possible because priority is given when the Urgent flag is set in a TCP packet, however the offset is not checked. 
\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-24T19:23:41", "type": "veracode", "title": "Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17437"], "modified": "2021-03-09T17:47:28", "id": "VERACODE:28815", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28815/summary", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-26T16:37:16", "description": "open-iscsi:sid is vulnerable to integer overflow. 
The vulnerability exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-24T21:46:55", "type": "veracode", "title": "Integer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13988"], "modified": "2022-04-19T18:43:52", "id": "VERACODE:28817", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28817/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-07-07T17:34:51", "description": "An issue was discovered in Contiki through 3.0. 
An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-10T17:34:59", "type": "redhatcve", "title": "CVE-2020-13987", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13987"], "modified": "2022-07-07T12:38:24", "id": "RH:CVE-2020-13987", "href": "https://access.redhat.com/security/cve/cve-2020-13987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-07T17:34:48", "description": "An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. 
However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-12-10T17:34:58", "type": "redhatcve", "title": "CVE-2020-17437", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-17437"], "modified": "2022-07-07T12:52:43", "id": "RH:CVE-2020-17437", "href": "https://access.redhat.com/security/cve/cve-2020-17437", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-07-07T17:34:48", "description": "An issue was discovered in Contiki through 3.0. 
An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-10T17:34:44", "type": "redhatcve", "title": "CVE-2020-13988", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13988"], "modified": "2022-07-07T12:38:24", "id": "RH:CVE-2020-13988", "href": "https://access.redhat.com/security/cve/cve-2020-13988", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}