Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4767-1.NASL
HistoryOct 21, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Zabbix vulnerabilities (USN-4767-1)

2023-10-2100:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
xml external entity (xxe)
sql injection
open redirect
mysql user parameter
code execution
trapper functionality
user enumeration
stored xss

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.716 High

EPSS

Percentile

98.1%

JSON

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4767-1 advisory.

  • XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. (CVE-2014-3005)

  • SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. (CVE-2016-10134)

  • Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. (CVE-2016-10742)

  • The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
    (CVE-2016-4338)

  • An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
    (CVE-2017-2824)

  • In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
    (CVE-2017-2825)

  • Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the Login name or password is incorrect and No permissions for system access messages, or just blocking for a number of seconds).
    This affects both api_jsonrpc.php and index.php. (CVE-2019-15132)

  • Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
    (CVE-2020-11800)

  • Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. (CVE-2020-15803)

Note that Nessus has not tested for these issues but has instead relied only on the applicationโ€™s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4767-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183641);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/21");

  script_cve_id(
    "CVE-2014-3005",
    "CVE-2016-4338",
    "CVE-2016-10134",
    "CVE-2016-10742",
    "CVE-2017-2824",
    "CVE-2017-2825",
    "CVE-2019-15132",
    "CVE-2020-11800",
    "CVE-2020-15803"
  );
  script_xref(name:"USN", value:"4767-1");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Zabbix vulnerabilities (USN-4767-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-4767-1 advisory.

  - XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x
    before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially
    execute arbitrary code via a crafted DTD in an XML request. (CVE-2014-3005)

  - SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to
    execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. (CVE-2016-10134)

  - Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x
    before 3.4.4rc1 allows open redirect via the request parameter. (CVE-2016-10742)

  - The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before
    2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows
    context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
    (CVE-2016-4338)

  - An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server
    2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code
    execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
    (CVE-2017-2824)

  - In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass
    database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to
    alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
    (CVE-2017-2825)

  - Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate
    application usernames based on the variability of server responses (e.g., the Login name or password is
    incorrect and No permissions for system access messages, or just blocking for a number of seconds).
    This affects both api_jsonrpc.php and index.php. (CVE-2019-15132)

  - Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
    (CVE-2020-11800)

  - Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before
    5.0.2rc1 allows stored XSS in the URL Widget. (CVE-2020-15803)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4767-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11800");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-frontend-php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-java-gateway");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-proxy-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-proxy-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-proxy-sqlite3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-server-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zabbix-server-pgsql");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'zabbix-agent', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '16.04', 'pkgname': 'zabbix-frontend-php', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '16.04', 'pkgname': 'zabbix-java-gateway', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '16.04', 'pkgname': 'zabbix-proxy-mysql', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '16.04', 'pkgname': 'zabbix-proxy-pgsql', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '16.04', 'pkgname': 'zabbix-proxy-sqlite3', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '16.04', 'pkgname': 'zabbix-server-mysql', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '16.04', 'pkgname': 'zabbix-server-pgsql', 'pkgver': '1:2.4.7+dfsg-2ubuntu2.1+esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-agent', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-frontend-php', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-java-gateway', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-proxy-mysql', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-proxy-pgsql', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-proxy-sqlite3', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-server-mysql', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '18.04', 'pkgname': 'zabbix-server-pgsql', 'pkgver': '1:3.0.12+dfsg-1ubuntu0.1~esm3'},
    {'osver': '20.04', 'pkgname': 'zabbix-agent', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'},
    {'osver': '20.04', 'pkgname': 'zabbix-frontend-php', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'},
    {'osver': '20.04', 'pkgname': 'zabbix-java-gateway', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'},
    {'osver': '20.04', 'pkgname': 'zabbix-proxy-mysql', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'},
    {'osver': '20.04', 'pkgname': 'zabbix-proxy-pgsql', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'},
    {'osver': '20.04', 'pkgname': 'zabbix-proxy-sqlite3', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'},
    {'osver': '20.04', 'pkgname': 'zabbix-server-mysql', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'},
    {'osver': '20.04', 'pkgname': 'zabbix-server-pgsql', 'pkgver': '1:4.0.17+dfsg-1ubuntu0.1~esm1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'zabbix-agent / zabbix-frontend-php / zabbix-java-gateway / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:esm
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:esm
canonicalubuntu_linuxzabbix-agentp-cpe:/a:canonical:ubuntu_linux:zabbix-agent
canonicalubuntu_linuxzabbix-frontend-phpp-cpe:/a:canonical:ubuntu_linux:zabbix-frontend-php
canonicalubuntu_linuxzabbix-java-gatewayp-cpe:/a:canonical:ubuntu_linux:zabbix-java-gateway
canonicalubuntu_linuxzabbix-proxy-mysqlp-cpe:/a:canonical:ubuntu_linux:zabbix-proxy-mysql
canonicalubuntu_linuxzabbix-proxy-pgsqlp-cpe:/a:canonical:ubuntu_linux:zabbix-proxy-pgsql
canonicalubuntu_linuxzabbix-proxy-sqlite3p-cpe:/a:canonical:ubuntu_linux:zabbix-proxy-sqlite3
canonicalubuntu_linuxzabbix-server-mysqlp-cpe:/a:canonical:ubuntu_linux:zabbix-server-mysql
Rows per page:
1-10 of 111

Related

ubuntu 1
osv 11
openvas 24
debian 8
nessus 23
suse 3
cve 9
ubuntucve 9
nuclei 1
prion 9
cvelist 9
nvd 9
debiancve 9
exploitdb 2
packetstorm 2
fedora 7
freebsd 2
talos 2
zdt 1
mageia 1
seebug 3
exploitpack 1
myhack58 2
checkpoint_advisories 1
gentoo 1
ubuntu
ubuntu
Zabbix vulnerabilities
2022-06-15 00:00:00
osv
osv
zabbix vulnerabilities
2022-06-15 08:28:18
zabbix - security update
2021-04-21 00:00:00
zabbix - security update
2020-11-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4767-1)
2023-01-27 00:00:00
Debian: Security Advisory (DLA-2631-1)
2021-04-22 00:00:00
Debian: Security Advisory (DLA-2461-1)
2020-11-22 00:00:00
debian
debian
[SECURITY] [DLA 2631-1] zabbix security update
2021-04-21 14:41:32
[SECURITY] [DLA 2461-1] zabbix security update
2020-11-21 17:32:18
[SECURITY] [DSA 3937-1] zabbix security update
2017-08-12 00:23:57
nessus
nessus
Debian DLA-2631-1 : zabbix security update
2021-04-22 00:00:00
Debian DLA-2461-1 : zabbix security update
2020-11-23 00:00:00
openSUSE Security Update : zabbix (openSUSE-2020-1604)
2020-10-05 00:00:00
suse
suse
Security update for zabbix (moderate)
2020-10-04 00:00:00
Security update for zabbix (moderate)
2022-02-16 00:00:00
Security update for MozillaThunderbird (important)
2022-03-01 00:00:00
cve
cve
CVE-2016-10134
2017-02-17 02:59:10
CVE-2016-10742
2019-02-17 16:29:00
CVE-2020-15803
2020-07-17 03:15:11
ubuntucve
ubuntucve
CVE-2016-10134
2017-02-17 00:00:00
CVE-2016-10742
2019-02-17 00:00:00
CVE-2020-15803
2020-07-17 00:00:00
nuclei
nuclei
Zabbix - SQL Injection
2022-01-04 10:21:37
prion
prion
Sql injection
2017-02-17 02:59:00
Open redirect
2019-02-17 16:29:00
Design/Logic Flaw
2019-08-17 18:15:00
cvelist
cvelist
CVE-2016-10134
2017-02-16 18:00:00
CVE-2016-10742
2019-02-17 16:00:00
CVE-2020-15803
2020-07-17 00:00:00
nvd
nvd
CVE-2016-10134
2017-02-17 02:59:10
CVE-2016-10742
2019-02-17 16:29:00
CVE-2020-15803
2020-07-17 03:15:11
debiancve
debiancve
CVE-2016-10742
2019-02-17 16:29:00
CVE-2016-10134
2017-02-17 02:59:10
CVE-2019-15132
2019-08-17 18:15:10
exploitdb
exploitdb
Zabbix 5.0.0 - Stored XSS via URL Widget Iframe
2020-12-04 00:00:00
Zabbix Agent 3.0.1 - &#039;mysql.size&#039; Shell Command Injection
2016-05-04 00:00:00
packetstorm
packetstorm
Zabbix 5.0.0 Cross Site Scripting
2020-12-04 00:00:00
Zabbix Agent 3.0.1 mysql.size Shell Command Injection
2016-05-03 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: zabbix-4.0.22-1.fc32
2020-07-30 17:53:43
[SECURITY] Fedora 31 Update: zabbix-4.0.22-1.fc31
2020-07-28 15:03:33
[SECURITY] Fedora 24 Update: zabbix-3.0.9-1.fc24
2017-07-03 02:20:07
freebsd
freebsd
Zabbix -- Remote code execution
2017-07-05 00:00:00
Zabbix -- Remote code execution
2020-04-15 00:00:00
talos
talos
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability
2017-04-27 00:00:00
Zabbix Proxy Server SQL Database Write Vulnerability
2017-04-27 00:00:00
zdt
zdt
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
2016-05-04 00:00:00
mageia
mageia
Updated zabbix package fixes security vulnerability
2014-10-29 14:30:40
seebug
seebug
Zabbix Agent 3.0.1 mysql. size shell command injection
2016-08-08 00:00:00
Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability๏ผˆ CVE-2017-2824๏ผ‰
2017-04-28 00:00:00
Zabbix Proxy Server SQL Database Write Vulnerability (CVE-2017-2825)
2017-04-28 00:00:00
exploitpack
exploitpack
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
2016-05-04 00:00:00
myhack58
myhack58
Zabbix multiple high-risk vulnerabilities-vulnerability warning-the black bar safety net
2017-04-28 00:00:00
Zabbix blast remote code execution vulnerability, a database written in a high-risk vulnerability-vulnerability warning-the black bar safety net
2017-05-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Zabbix Server Active Proxy Trapper Command Injection (CVE-2017-2824)
2017-05-22 00:00:00
gentoo
gentoo
Zabbix: Multiple vulnerabilities
2016-12-13 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.716 High

EPSS

Percentile

98.1%

JSON
Related for UBUNTU_USN-4767-1.NASL
ubuntu1osv11openvas24debian8nessus23suse3cve9ubuntucve9nuclei1prion9cvelist9nvd9debiancve9exploitdb2packetstorm2fedora7freebsd2talos2zdt1mageia1seebug3exploitpack1myhack582checkpoint_advisories1gentoo1