7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.378 Low
EPSS
Percentile
97.2%
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
tcpdump: multiple overflow issues in protocol decoding (CVE-2017-5486)
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
(CVE-2014-8767)
tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. (CVE-2014-8769)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory tcpdump. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(199446);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2014-8767",
"CVE-2014-8769",
"CVE-2014-9140",
"CVE-2015-0261",
"CVE-2015-2153",
"CVE-2015-2154",
"CVE-2015-2155",
"CVE-2016-7922",
"CVE-2016-7923",
"CVE-2016-7924",
"CVE-2016-7925",
"CVE-2016-7926",
"CVE-2016-7927",
"CVE-2016-7928",
"CVE-2016-7929",
"CVE-2016-7930",
"CVE-2016-7931",
"CVE-2016-7932",
"CVE-2016-7933",
"CVE-2016-7934",
"CVE-2016-7935",
"CVE-2016-7936",
"CVE-2016-7937",
"CVE-2016-7938",
"CVE-2016-7939",
"CVE-2016-7940",
"CVE-2016-7973",
"CVE-2016-7974",
"CVE-2016-7975",
"CVE-2016-7983",
"CVE-2016-7984",
"CVE-2016-7985",
"CVE-2016-7986",
"CVE-2016-7992",
"CVE-2016-7993",
"CVE-2016-8574",
"CVE-2016-8575",
"CVE-2017-5202",
"CVE-2017-5203",
"CVE-2017-5204",
"CVE-2017-5205",
"CVE-2017-5341",
"CVE-2017-5342",
"CVE-2017-5482",
"CVE-2017-5483",
"CVE-2017-5484",
"CVE-2017-5485",
"CVE-2017-5486",
"CVE-2017-11108",
"CVE-2017-11541",
"CVE-2017-11542",
"CVE-2017-11543",
"CVE-2017-11544",
"CVE-2017-12893",
"CVE-2017-12894",
"CVE-2017-12895",
"CVE-2017-12896",
"CVE-2017-12897",
"CVE-2017-12898",
"CVE-2017-12899",
"CVE-2017-12900",
"CVE-2017-12901",
"CVE-2017-12902",
"CVE-2017-12985",
"CVE-2017-12986",
"CVE-2017-12987",
"CVE-2017-12988",
"CVE-2017-12989",
"CVE-2017-12990",
"CVE-2017-12991",
"CVE-2017-12992",
"CVE-2017-12993",
"CVE-2017-12994",
"CVE-2017-12995",
"CVE-2017-12996",
"CVE-2017-12997",
"CVE-2017-12998",
"CVE-2017-12999",
"CVE-2017-13000",
"CVE-2017-13001",
"CVE-2017-13002",
"CVE-2017-13003",
"CVE-2017-13004",
"CVE-2017-13005",
"CVE-2017-13006",
"CVE-2017-13007",
"CVE-2017-13008",
"CVE-2017-13009",
"CVE-2017-13010",
"CVE-2017-13011",
"CVE-2017-13012",
"CVE-2017-13013",
"CVE-2017-13014",
"CVE-2017-13015",
"CVE-2017-13016",
"CVE-2017-13017",
"CVE-2017-13018",
"CVE-2017-13019",
"CVE-2017-13020",
"CVE-2017-13021",
"CVE-2017-13022",
"CVE-2017-13023",
"CVE-2017-13024",
"CVE-2017-13025",
"CVE-2017-13026",
"CVE-2017-13027",
"CVE-2017-13028",
"CVE-2017-13029",
"CVE-2017-13030",
"CVE-2017-13031",
"CVE-2017-13032",
"CVE-2017-13033",
"CVE-2017-13034",
"CVE-2017-13035",
"CVE-2017-13036",
"CVE-2017-13037",
"CVE-2017-13038",
"CVE-2017-13039",
"CVE-2017-13040",
"CVE-2017-13041",
"CVE-2017-13042",
"CVE-2017-13043",
"CVE-2017-13044",
"CVE-2017-13045",
"CVE-2017-13046",
"CVE-2017-13047",
"CVE-2017-13048",
"CVE-2017-13049",
"CVE-2017-13050",
"CVE-2017-13051",
"CVE-2017-13052",
"CVE-2017-13053",
"CVE-2017-13054",
"CVE-2017-13055",
"CVE-2017-13687",
"CVE-2017-13688",
"CVE-2017-13689",
"CVE-2017-13690",
"CVE-2017-13725",
"CVE-2017-16808"
);
script_name(english:"RHEL 6 : tcpdump (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- tcpdump: multiple overflow issues in protocol decoding (CVE-2017-5486)
- Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows
remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
(CVE-2014-8767)
- tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or
cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance
Vector (AODV) packet, which triggers an out-of-bounds memory access. (CVE-2014-8769)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5486");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tcpdump");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'tcpdump', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'tcpdump'}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'tcpdump');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
redhat | enterprise_linux | tcpdump | p-cpe:/a:redhat:enterprise_linux:tcpdump |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7922
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7924
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7925
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8574
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11544
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12893
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12896
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12898
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12899
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12902
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12987
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12990
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12991
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13009
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13014
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13017
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13029
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13031
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13036
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13047
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13689
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13725
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5202
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5205
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5482
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5486
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.378 Low
EPSS
Percentile
97.2%