Lucene search

[email protected]NVD:CVE-2020-35683

HistoryAug 19, 2021 - 12:15 p.m.

CVE-2020-35683

2021-08-1912:15:07

CWE-125

[email protected]

web.nvd.nist.gov

cve-2020-35683

hcc nichestack

icmp packets

denial-of-service

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.5%

JSON

An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service.

Affected configurations

Nvd

Node

hcc-embeddednichestackMatch3.0

Node

siemens7km9300-0ae02-0aa0_firmwareRange<3.0.4

AND

siemens7km9300-0ae02-0aa0Match-

VendorProductVersionCPE
hcc-embeddednichestack3.0cpe:2.3:a:hcc-embedded:nichestack:3.0:*:*:*:*:*:*:*
siemens7km9300-0ae02-0aa0_firmware*cpe:2.3:o:siemens:7km9300-0ae02-0aa0_firmware:*:*:*:*:*:*:*:*
siemens7km9300-0ae02-0aa0-cpe:2.3:h:siemens:7km9300-0ae02-0aa0:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hcc-embedded	nichestack	3.0	cpe:2.3:a:hcc-embedded:nichestack:3.0:::::::*
siemens	7km9300-0ae02-0aa0_firmware	*	cpe:2.3:o:siemens:7km9300-0ae02-0aa0_firmware::::::::
siemens	7km9300-0ae02-0aa0	-	cpe:2.3:h:siemens:7km9300-0ae02-0aa0:-:::::::*