ID SECURITYVULNS:DOC:21572Type securityvulnsReporter SecurityvulnsModified 2009-04-03T00:00:00
Description
aushack.com - Vulnerability Advisory
Release Date:
02-Apr-2009
Software:
Asbru Software - Asbru Web Content Management
http://www.asbrusoft.com/
"Ready to use, full-featured, database-driven web content management system
(CMS) with integrated community, databases, e-commerce and statistics modules
for creating, publishing and managing rich and user-friendly
Internet, Extranet
and Intranet websites."
Versions tested:
6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release.
Other versions are untested. The vendor reports JSP, PHP, ASPX immune.
Vulnerability discovered:
SQL Injection & XSS
Vulnerability impact:
High - SQL Injection in backend database. Impact depends on the
security and configuration of the database. It may be possible
to execute code using functons such as xp_cmdshell in poorly
configured hosts. Other attacks possible include obtaining the
CMS admin username and password from the database and
subsequently uploading code or modifying the page content.
Vulnerability information:
The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is
vulnerable to numeric based blind SQL injection.
Example:
http://[victim]/page.asp?id=1 <-- main page
http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false)
http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true)
XSS in the 'url' parameter of 'login.asp':
Example:
http://[victim]/webadmin/login.asp?url="><script>alert(document.cookie)</script>
References:
aushack.com advisory
http://www.aushack.com/200904-asbru.txt
Credit:
Patrick Webster ( patrick@aushack.com )
Disclosure timeline:
28-Oct-2008 - Discovered during audit.
27-Nov-2008 - Notified vendor.
28-Nov-2008 - Vendor releases patch.
02-Apr-2009 - Disclosure.
EOF
{"id": "SECURITYVULNS:DOC:21572", "bulletinFamily": "software", "title": "Asbru Web Content Management Vulnerabilities", "description": "aushack.com - Vulnerability Advisory\r\n-----------------------------------------------\r\nRelease Date:\r\n 02-Apr-2009\r\n\r\nSoftware:\r\n Asbru Software - Asbru Web Content Management\r\n http://www.asbrusoft.com/\r\n\r\n "Ready to use, full-featured, database-driven web content management system\r\n (CMS) with integrated community, databases, e-commerce and statistics modules\r\n for creating, publishing and managing rich and user-friendly\r\nInternet, Extranet\r\n and Intranet websites."\r\n\r\nVersions tested:\r\n 6.5 and 6.6.9 have been confirmed as vulnerable in the ASP release.\r\n Other versions are untested. The vendor reports JSP, PHP, ASPX immune.\r\n\r\nVulnerability discovered:\r\n\r\n SQL Injection & XSS\r\n\r\nVulnerability impact:\r\n\r\n High - SQL Injection in backend database. Impact depends on the\r\n security and configuration of the database. It may be possible\r\n to execute code using functons such as xp_cmdshell in poorly\r\n configured hosts. Other attacks possible include obtaining the\r\n CMS admin username and password from the database and\r\n subsequently uploading code or modifying the page content.\r\n\r\nVulnerability information:\r\n\r\n The 'id' GET parameter of 'page.asp', 'stylesheet.asp' and 'file.asp' is\r\n vulnerable to numeric based blind SQL injection.\r\n\r\n Example:\r\n\r\n http://[victim]/page.asp?id=1 <-- main page\r\n http://[victim]/page.asp?id=1 AND 1=2 <-- returns blank (false)\r\n http://[victim]/page.asp?id=1 AND 1=1 <-- main page (true)\r\n\r\n XSS in the 'url' parameter of 'login.asp':\r\n\r\n Example:\r\n\r\n http://[victim]/webadmin/login.asp?url="><script>alert(document.cookie)</script>\r\n\r\nReferences:\r\n aushack.com advisory\r\n http://www.aushack.com/200904-asbru.txt\r\n\r\nCredit:\r\n Patrick Webster ( patrick@aushack.com )\r\n\r\nDisclosure timeline:\r\n 28-Oct-2008 - Discovered during audit.\r\n 27-Nov-2008 - Notified vendor.\r\n 28-Nov-2008 - Vendor releases patch.\r\n 02-Apr-2009 - Disclosure.\r\n\r\nEOF", "published": "2009-04-03T00:00:00", "modified": "2009-04-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21572", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:29", "edition": 1, "viewCount": 61, "enchantments": {"score": {"value": 2.3, "vector": "NONE", "modified": "2018-08-31T11:10:29", "rev": 2}, "dependencies": {"references": [{"type": "zdt", "idList": ["1337DAY-ID-34153", "1337DAY-ID-34180", "1337DAY-ID-34134"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1261.NASL", "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL", "EULEROS_SA-2020-1323.NASL", "EULEROS_SA-2020-1299.NASL", "DEBIAN_DLA-2164.NASL", "EULEROS_SA-2020-1314.NASL", "EULEROS_SA-2020-1318.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201318", "OPENVAS:1361412562311220201314", "OPENVAS:1361412562311220201323", "OPENVAS:1361412562310892164", "OPENVAS:1361412562311220201299"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:10149"]}, {"type": "kitploit", "idList": ["KITPLOIT:1907207623071471216"]}, {"type": "mssecure", "idList": ["MSSECURE:057ED5C1C386380F0F149DBAC7F1F6EF"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:156729"]}], "modified": "2018-08-31T11:10:29", "rev": 2}, "vulnersScore": 2.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}
{"nessus": [{"id": "DELL_BIOS_DSA-2021-106.NASL", "hash": "fff3014f9f3523db4ee1903615b7fc10", "type": "nessus", "bulletinFamily": "scanner", "title": "Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)", "description": "According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.\n\n - Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. (CVE-2021-21571)\n\n - Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.\n (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)\n\nPlease see the included Dell Security Advisory for more information.", "published": "2021-09-13T00:00:00", "modified": "2021-09-14T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153223", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21571", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21574", "http://www.nessus.org/u?02633955", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21572"], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-09-18T13:20:05", "history": [{"bulletin": {"id": "DELL_BIOS_DSA-2021-106.NASL", "hash": "339aef11b791ed89e819832df4bef93a", "type": "nessus", "bulletinFamily": "scanner", "title": "Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)", "description": "According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.\n\n - Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. (CVE-2021-21571)\n\n - Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.\n (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)\n\nPlease see the included Dell Security Advisory for more information.", "published": "2021-09-13T00:00:00", "modified": "2021-09-13T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153223", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?02633955", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21572", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21573", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21574", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21571"], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-09-14T00:19:18", "history": [], "viewCount": 2, "enchantments": {}, "objectVersion": "1.6", "pluginID": "153223", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153223);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/13\");\n\n script_cve_id(\n \"CVE-2021-21571\", \n \"CVE-2021-21572\", \n \"CVE-2021-21573\", \n \"CVE-2021-21574\"\n );\n\n script_xref(name:\"IAVA\", value:\"2021-A-0294\");\n\n script_name(english:\"Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.\n\n - Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an \n improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability \n using a person-in-the-middle attack which may lead to a denial of service and payload tampering. (CVE-2021-21571)\n\n - Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local\n access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.\n (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)\n\nPlease see the included Dell Security Advisory for more information.\");\n # https://www.dell.com/support/kbdoc/en-ie/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02633955\");\n script_set_attribute(attribute:\"solution\", value:\n\"Check vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21572\");\n\n script_cwe_id(121,122,295,787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bios_get_info_wmi.nbin\");\n script_require_keys(\"Bios/\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_name = 'Dell Inc.';\nvar app_info = vcf::dell_bios_win::get_app_info(app:app_name);\nvar model = app_info['model'];\n\n# secure_boot must be disabled\nif (app_info['secure_boot'] == 'enabled') audit(AUDIT_HOST_NOT, 'affected');\n\n# vuln if either bios_connect or https_boot is enabled\nif (app_info['bios_connect'] == 'Enabled' || app_info['https_boot'] == 'Enabled')\n{\n var fix = '';\n # Check model\n if (model)\n {\n if (model == 'Alienware m15 R6') fix = '1.3.3';\n else if (model == 'ChengMing 3990') fix = '1.4.1';\n else if (model == 'ChengMing 3991') fix = '1.4.1';\n else if (model == 'Dell G15 5510') fix = '1.4.0';\n else if (model == 'Dell G15 5511') fix = '1.3.3';\n else if (model == 'Dell G3 3500') fix = '1.9.0';\n else if (model == 'Dell G5 5500') fix = '1.9.0';\n else if (model == 'Dell G7 7500') fix = '1.9.0';\n else if (model == 'Dell G7 7700') fix = '1.9.0';\n else if (model == 'Inspiron 14 5418') fix = '2.1.0';\n else if (model == 'Inspiron 15 5518') fix = '2.1.0';\n else if (model == 'Inspiron 15 7510') fix = '1.0.4';\n else if (model == 'Inspiron 3501') fix = '1.6.0';\n else if (model == 'Inspiron 3880') fix = '1.4.1';\n else if (model == 'Inspiron 3881') fix = '1.4.1';\n else if (model == 'Inspiron 3891') fix = '1.0.11';\n else if (model == 'Inspiron 5300') fix = '1.7.1';\n else if (model == 'Inspiron 5301') fix = '1.8.1';\n else if (model == 'Inspiron 5310') fix = '2.1.0';\n else if (model == 'Inspiron 5400 2n1') fix = '1.7.0';\n else if (model == 'Inspiron 5400 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 5401') fix = '1.7.2';\n else if (model == 'Inspiron 5401 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 5402') fix = '1.5.1';\n else if (model == 'Inspiron 5406 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 5408') fix = '1.7.2';\n else if (model == 'Inspiron 5409') fix = '1.5.1';\n else if (model == 'Inspiron 5410 2-in-1') fix = '2.1.0';\n else if (model == 'Inspiron 5501') fix = '1.7.2';\n else if (model == 'Inspiron 5502') fix = '1.5.1';\n else if (model == 'Inspiron 5508') fix = '1.7.2';\n else if (model == 'Inspiron 5509') fix = '1.5.1';\n else if (model == 'Inspiron 7300') fix = '1.8.1';\n else if (model == 'Inspiron 7300 2n1') fix = '1.3.0';\n else if (model == 'Inspiron 7306 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 7400') fix = '1.8.1';\n else if (model == 'Inspiron 7500') fix = '1.8.0';\n else if (model == 'Inspiron 7500 2n1 - Black') fix = '1.3.0';\n else if (model == 'Inspiron 7500 2n1 - Silver') fix = '1.3.0';\n else if (model == 'Inspiron 7501') fix = '1.8.0';\n else if (model == 'Inspiron 7506 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 7610') fix = '1.0.4';\n else if (model == 'Inspiron 7700 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 7706 2n1') fix = '1.5.1';\n else if (model == 'Latitude 3120') fix = '1.1.0';\n else if (model == 'Latitude 3320') fix = '1.4.0';\n else if (model == 'Latitude 3410') fix = '1.9.0';\n else if (model == 'Latitude 3420') fix = '1.8.0';\n else if (model == 'Latitude 3510') fix = '1.9.0';\n else if (model == 'Latitude 3520') fix = '1.8.0';\n else if (model == 'Latitude 5310') fix = '1.7.0';\n else if (model == 'Latitude 5310 2 in 1') fix = '1.7.0';\n else if (model == 'Latitude 5320') fix = '1.7.1';\n else if (model == 'Latitude 5320 2-in-1') fix = '1.7.1';\n else if (model == 'Latitude 5410') fix = '1.6.0';\n else if (model == 'Latitude 5411') fix = '1.6.0';\n else if (model == 'Latitude 5420') fix = '1.8.0';\n else if (model == 'Latitude 5510') fix = '1.6.0';\n else if (model == 'Latitude 5511') fix = '1.6.0';\n else if (model == 'Latitude 5520') fix = '1.7.1';\n else if (model == 'Latitude 5521') fix = '1.3.0';\n else if (model == 'Latitude 7210 2-in-1') fix = '1.7.0';\n else if (model == 'Latitude 7310') fix = '1.7.0';\n else if (model == 'Latitude 7320') fix = '1.7.1';\n else if (model == 'Latitude 7320 Detachable') fix = '1.4.0';\n else if (model == 'Latitude 7410') fix = '1.7.0';\n else if (model == 'Latitude 7420') fix = '1.7.1';\n else if (model == 'Latitude 7520') fix = '1.7.1';\n else if (model == 'Latitude 9410') fix = '1.7.0';\n else if (model == 'Latitude 9420') fix = '1.4.1';\n else if (model == 'Latitude 9510') fix = '1.6.0';\n else if (model == 'Latitude 9520') fix = '1.5.2';\n else if (model == 'Latitude 5421') fix = '1.3.0';\n else if (model == 'OptiPlex 3080') fix = '2.1.1';\n else if (model == 'OptiPlex 3090 UFF') fix = '1.2.0';\n else if (model == 'OptiPlex 3280 All-in-One') fix = '1.7.0';\n else if (model == 'OptiPlex 5080') fix = '1.4.0';\n else if (model == 'OptiPlex 5090 Tower') fix = '1.1.35';\n else if (model == 'OptiPlex 5490 AIO') fix = '1.3.0';\n else if (model == 'OptiPlex 7080') fix = '1.4.0';\n else if (model == 'OptiPlex 7090 Tower') fix = '1.1.35';\n else if (model == 'OptiPlex 7090 UFF') fix = '1.2.0';\n else if (model == 'OptiPlex 7480 All-in-One') fix = '1.7.0';\n else if (model == 'OptiPlex 7490 All-in-One') fix = '1.3.0';\n else if (model == 'OptiPlex 7780 All-in-One') fix = '1.7.0';\n else if (model == 'Precision 17 M5750') fix = '1.8.2';\n else if (model == 'Precision 3440') fix = '1.4.0';\n else if (model == 'Precision 3450') fix = '1.1.35';\n else if (model == 'Precision 3550') fix = '1.6.0';\n else if (model == 'Precision 3551') fix = '1.6.0';\n else if (model == 'Precision 3560') fix = '1.7.1';\n else if (model == 'Precision 3561') fix = '1.3.0';\n else if (model == 'Precision 3640') fix = '1.6.2';\n else if (model == 'Precision 3650 MT') fix = '1.2.0';\n else if (model == 'Precision 5550') fix = '1.8.1';\n else if (model == 'Precision 5560') fix = '1.3.2';\n else if (model == 'Precision 5760') fix = '1.1.3';\n else if (model == 'Precision 7550') fix = '1.8.0';\n else if (model == 'Precision 7560') fix = '1.1.2';\n else if (model == 'Precision 7750') fix = '1.8.0';\n else if (model == 'Precision 7760') fix = '1.1.2';\n else if (model == 'Vostro 14 5410') fix = '2.1.0';\n else if (model == 'Vostro 15 5510') fix = '2.1.0';\n else if (model == 'Vostro 15 7510') fix = '1.0.4';\n else if (model == 'Vostro 3400') fix = '1.6.0';\n else if (model == 'Vostro 3500') fix = '1.6.0';\n else if (model == 'Vostro 3501') fix = '1.6.0';\n else if (model == 'Vostro 3681') fix = '2.4.0';\n else if (model == 'Vostro 3690') fix = '1.0.11';\n else if (model == 'Vostro 3881') fix = '2.4.0';\n else if (model == 'Vostro 3888') fix = '2.4.0';\n else if (model == 'Vostro 3890') fix = '1.0.11';\n else if (model == 'Vostro 5300') fix = '1.7.1';\n else if (model == 'Vostro 5301') fix = '1.8.1';\n else if (model == 'Vostro 5310') fix = '2.1.0';\n else if (model == 'Vostro 5401') fix = '1.7.2';\n else if (model == 'Vostro 5402') fix = '1.5.1';\n else if (model == 'Vostro 5501') fix = '1.7.2';\n else if (model == 'Vostro 5502') fix = '1.5.1';\n else if (model == 'Vostro 5880') fix = '1.4.0';\n else if (model == 'Vostro 5890') fix = '1.0.11';\n else if (model == 'Vostro 7500') fix = '1.8.0';\n else if (model == 'XPS 13 9305') fix = '1.0.8';\n else if (model == 'XPS 13 2in1 9310') fix = '2.3.3';\n else if (model == 'XPS 13 9310') fix = '3.0.0';\n else if (model == 'XPS 15 9500') fix = '1.8.1';\n else if (model == 'XPS 15 9510') fix = '1.3.2';\n else if (model == 'XPS 17 9700') fix = '1.8.2';\n else if (model == 'XPS 17 9710') fix = '1.1.3';\n else\n {\n audit(AUDIT_HOST_NOT, 'an affected model');\n }\n }\n else\n {\n audit(AUDIT_HOST_NOT, 'an affected model');\n }\n var constraints = [{ 'fixed_version' : fix }];\n vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n}\nelse\n{\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Check vendor advisory.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21572", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2020-06-24T00:00:00", "vulnerabilityPublicationDate": "2020-06-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-14T00:19:18", "differentElements": ["cvssScoreSource", "exploitEase", "modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "DELL_BIOS_DSA-2021-106.NASL", "hash": "930658530145159b12be4e2538478ea7", "type": "nessus", "bulletinFamily": "scanner", "title": "Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)", "description": "According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.\n\n - Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering. (CVE-2021-21571)\n\n - Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.\n (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)\n\nPlease see the included Dell Security Advisory for more information.", "published": "2021-09-13T00:00:00", "modified": "2021-09-14T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153223", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21574", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21571", "http://www.nessus.org/u?02633955", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21572", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21573"], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-09-15T12:43:00", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:4550628882A8CE6800C295FA8372B47F"]}, {"type": "cve", "idList": ["CVE-2021-21572", "CVE-2021-21574", "CVE-2021-21573", "CVE-2021-21571"]}, {"type": "threatpost", "idList": ["THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B"]}], "modified": "2021-09-15T12:43:00", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-09-15T12:43:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153223", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153223);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/14\");\n\n script_cve_id(\n \"CVE-2021-21571\",\n \"CVE-2021-21572\",\n \"CVE-2021-21573\",\n \"CVE-2021-21574\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0294\");\n\n script_name(english:\"Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.\n\n - Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an \n improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability \n using a person-in-the-middle attack which may lead to a denial of service and payload tampering. (CVE-2021-21571)\n\n - Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local\n access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.\n (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)\n\nPlease see the included Dell Security Advisory for more information.\");\n # https://www.dell.com/support/kbdoc/en-ie/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02633955\");\n script_set_attribute(attribute:\"solution\", value:\n\"Check vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21574\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(121, 122, 295, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bios_get_info_wmi.nbin\");\n script_require_keys(\"Bios/\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_name = 'Dell Inc.';\nvar app_info = vcf::dell_bios_win::get_app_info(app:app_name);\nvar model = app_info['model'];\n\n# secure_boot must be disabled\nif (app_info['secure_boot'] == 'enabled') audit(AUDIT_HOST_NOT, 'affected');\n\n# vuln if either bios_connect or https_boot is enabled\nif (app_info['bios_connect'] == 'Enabled' || app_info['https_boot'] == 'Enabled')\n{\n var fix = '';\n # Check model\n if (model)\n {\n if (model == 'Alienware m15 R6') fix = '1.3.3';\n else if (model == 'ChengMing 3990') fix = '1.4.1';\n else if (model == 'ChengMing 3991') fix = '1.4.1';\n else if (model == 'Dell G15 5510') fix = '1.4.0';\n else if (model == 'Dell G15 5511') fix = '1.3.3';\n else if (model == 'Dell G3 3500') fix = '1.9.0';\n else if (model == 'Dell G5 5500') fix = '1.9.0';\n else if (model == 'Dell G7 7500') fix = '1.9.0';\n else if (model == 'Dell G7 7700') fix = '1.9.0';\n else if (model == 'Inspiron 14 5418') fix = '2.1.0';\n else if (model == 'Inspiron 15 5518') fix = '2.1.0';\n else if (model == 'Inspiron 15 7510') fix = '1.0.4';\n else if (model == 'Inspiron 3501') fix = '1.6.0';\n else if (model == 'Inspiron 3880') fix = '1.4.1';\n else if (model == 'Inspiron 3881') fix = '1.4.1';\n else if (model == 'Inspiron 3891') fix = '1.0.11';\n else if (model == 'Inspiron 5300') fix = '1.7.1';\n else if (model == 'Inspiron 5301') fix = '1.8.1';\n else if (model == 'Inspiron 5310') fix = '2.1.0';\n else if (model == 'Inspiron 5400 2n1') fix = '1.7.0';\n else if (model == 'Inspiron 5400 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 5401') fix = '1.7.2';\n else if (model == 'Inspiron 5401 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 5402') fix = '1.5.1';\n else if (model == 'Inspiron 5406 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 5408') fix = '1.7.2';\n else if (model == 'Inspiron 5409') fix = '1.5.1';\n else if (model == 'Inspiron 5410 2-in-1') fix = '2.1.0';\n else if (model == 'Inspiron 5501') fix = '1.7.2';\n else if (model == 'Inspiron 5502') fix = '1.5.1';\n else if (model == 'Inspiron 5508') fix = '1.7.2';\n else if (model == 'Inspiron 5509') fix = '1.5.1';\n else if (model == 'Inspiron 7300') fix = '1.8.1';\n else if (model == 'Inspiron 7300 2n1') fix = '1.3.0';\n else if (model == 'Inspiron 7306 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 7400') fix = '1.8.1';\n else if (model == 'Inspiron 7500') fix = '1.8.0';\n else if (model == 'Inspiron 7500 2n1 - Black') fix = '1.3.0';\n else if (model == 'Inspiron 7500 2n1 - Silver') fix = '1.3.0';\n else if (model == 'Inspiron 7501') fix = '1.8.0';\n else if (model == 'Inspiron 7506 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 7610') fix = '1.0.4';\n else if (model == 'Inspiron 7700 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 7706 2n1') fix = '1.5.1';\n else if (model == 'Latitude 3120') fix = '1.1.0';\n else if (model == 'Latitude 3320') fix = '1.4.0';\n else if (model == 'Latitude 3410') fix = '1.9.0';\n else if (model == 'Latitude 3420') fix = '1.8.0';\n else if (model == 'Latitude 3510') fix = '1.9.0';\n else if (model == 'Latitude 3520') fix = '1.8.0';\n else if (model == 'Latitude 5310') fix = '1.7.0';\n else if (model == 'Latitude 5310 2 in 1') fix = '1.7.0';\n else if (model == 'Latitude 5320') fix = '1.7.1';\n else if (model == 'Latitude 5320 2-in-1') fix = '1.7.1';\n else if (model == 'Latitude 5410') fix = '1.6.0';\n else if (model == 'Latitude 5411') fix = '1.6.0';\n else if (model == 'Latitude 5420') fix = '1.8.0';\n else if (model == 'Latitude 5510') fix = '1.6.0';\n else if (model == 'Latitude 5511') fix = '1.6.0';\n else if (model == 'Latitude 5520') fix = '1.7.1';\n else if (model == 'Latitude 5521') fix = '1.3.0';\n else if (model == 'Latitude 7210 2-in-1') fix = '1.7.0';\n else if (model == 'Latitude 7310') fix = '1.7.0';\n else if (model == 'Latitude 7320') fix = '1.7.1';\n else if (model == 'Latitude 7320 Detachable') fix = '1.4.0';\n else if (model == 'Latitude 7410') fix = '1.7.0';\n else if (model == 'Latitude 7420') fix = '1.7.1';\n else if (model == 'Latitude 7520') fix = '1.7.1';\n else if (model == 'Latitude 9410') fix = '1.7.0';\n else if (model == 'Latitude 9420') fix = '1.4.1';\n else if (model == 'Latitude 9510') fix = '1.6.0';\n else if (model == 'Latitude 9520') fix = '1.5.2';\n else if (model == 'Latitude 5421') fix = '1.3.0';\n else if (model == 'OptiPlex 3080') fix = '2.1.1';\n else if (model == 'OptiPlex 3090 UFF') fix = '1.2.0';\n else if (model == 'OptiPlex 3280 All-in-One') fix = '1.7.0';\n else if (model == 'OptiPlex 5080') fix = '1.4.0';\n else if (model == 'OptiPlex 5090 Tower') fix = '1.1.35';\n else if (model == 'OptiPlex 5490 AIO') fix = '1.3.0';\n else if (model == 'OptiPlex 7080') fix = '1.4.0';\n else if (model == 'OptiPlex 7090 Tower') fix = '1.1.35';\n else if (model == 'OptiPlex 7090 UFF') fix = '1.2.0';\n else if (model == 'OptiPlex 7480 All-in-One') fix = '1.7.0';\n else if (model == 'OptiPlex 7490 All-in-One') fix = '1.3.0';\n else if (model == 'OptiPlex 7780 All-in-One') fix = '1.7.0';\n else if (model == 'Precision 17 M5750') fix = '1.8.2';\n else if (model == 'Precision 3440') fix = '1.4.0';\n else if (model == 'Precision 3450') fix = '1.1.35';\n else if (model == 'Precision 3550') fix = '1.6.0';\n else if (model == 'Precision 3551') fix = '1.6.0';\n else if (model == 'Precision 3560') fix = '1.7.1';\n else if (model == 'Precision 3561') fix = '1.3.0';\n else if (model == 'Precision 3640') fix = '1.6.2';\n else if (model == 'Precision 3650 MT') fix = '1.2.0';\n else if (model == 'Precision 5550') fix = '1.8.1';\n else if (model == 'Precision 5560') fix = '1.3.2';\n else if (model == 'Precision 5760') fix = '1.1.3';\n else if (model == 'Precision 7550') fix = '1.8.0';\n else if (model == 'Precision 7560') fix = '1.1.2';\n else if (model == 'Precision 7750') fix = '1.8.0';\n else if (model == 'Precision 7760') fix = '1.1.2';\n else if (model == 'Vostro 14 5410') fix = '2.1.0';\n else if (model == 'Vostro 15 5510') fix = '2.1.0';\n else if (model == 'Vostro 15 7510') fix = '1.0.4';\n else if (model == 'Vostro 3400') fix = '1.6.0';\n else if (model == 'Vostro 3500') fix = '1.6.0';\n else if (model == 'Vostro 3501') fix = '1.6.0';\n else if (model == 'Vostro 3681') fix = '2.4.0';\n else if (model == 'Vostro 3690') fix = '1.0.11';\n else if (model == 'Vostro 3881') fix = '2.4.0';\n else if (model == 'Vostro 3888') fix = '2.4.0';\n else if (model == 'Vostro 3890') fix = '1.0.11';\n else if (model == 'Vostro 5300') fix = '1.7.1';\n else if (model == 'Vostro 5301') fix = '1.8.1';\n else if (model == 'Vostro 5310') fix = '2.1.0';\n else if (model == 'Vostro 5401') fix = '1.7.2';\n else if (model == 'Vostro 5402') fix = '1.5.1';\n else if (model == 'Vostro 5501') fix = '1.7.2';\n else if (model == 'Vostro 5502') fix = '1.5.1';\n else if (model == 'Vostro 5880') fix = '1.4.0';\n else if (model == 'Vostro 5890') fix = '1.0.11';\n else if (model == 'Vostro 7500') fix = '1.8.0';\n else if (model == 'XPS 13 9305') fix = '1.0.8';\n else if (model == 'XPS 13 2in1 9310') fix = '2.3.3';\n else if (model == 'XPS 13 9310') fix = '3.0.0';\n else if (model == 'XPS 15 9500') fix = '1.8.1';\n else if (model == 'XPS 15 9510') fix = '1.3.2';\n else if (model == 'XPS 17 9700') fix = '1.8.2';\n else if (model == 'XPS 17 9710') fix = '1.1.3';\n else\n {\n audit(AUDIT_HOST_NOT, 'an affected model');\n }\n }\n else\n {\n audit(AUDIT_HOST_NOT, 'an affected model');\n }\n var constraints = [{ 'fixed_version' : fix }];\n vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n}\nelse\n{\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Check vendor advisory.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21574", "vpr": {"risk factor": "Critical", "score": "9.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-06-24T00:00:00", "vulnerabilityPublicationDate": "2020-06-24T00:00:00", "exploitableWith": []}, "lastseen": "2021-09-15T12:43:00", "differentElements": ["vpr"], "edition": 2}], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:4550628882A8CE6800C295FA8372B47F"]}, {"type": "cve", "idList": ["CVE-2021-21572", "CVE-2021-21571", "CVE-2021-21573", "CVE-2021-21574"]}, {"type": "threatpost", "idList": ["THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B"]}], "modified": "2021-09-18T13:20:05", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-09-18T13:20:05", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153223", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153223);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/14\");\n\n script_cve_id(\n \"CVE-2021-21571\",\n \"CVE-2021-21572\",\n \"CVE-2021-21573\",\n \"CVE-2021-21574\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0294\");\n\n script_name(english:\"Dell Client BIOS Multiple Vulnerabilities (DSA-2021-106)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Dell BIOS is affected by multiple vulnerabilities.\n\n - Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an \n improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability \n using a person-in-the-middle attack which may lead to a denial of service and payload tampering. (CVE-2021-21571)\n\n - Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local\n access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.\n (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574)\n\nPlease see the included Dell Security Advisory for more information.\");\n # https://www.dell.com/support/kbdoc/en-ie/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02633955\");\n script_set_attribute(attribute:\"solution\", value:\n\"Check vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21574\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(121, 122, 295, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bios_get_info_wmi.nbin\");\n script_require_keys(\"Bios/\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_name = 'Dell Inc.';\nvar app_info = vcf::dell_bios_win::get_app_info(app:app_name);\nvar model = app_info['model'];\n\n# secure_boot must be disabled\nif (app_info['secure_boot'] == 'enabled') audit(AUDIT_HOST_NOT, 'affected');\n\n# vuln if either bios_connect or https_boot is enabled\nif (app_info['bios_connect'] == 'Enabled' || app_info['https_boot'] == 'Enabled')\n{\n var fix = '';\n # Check model\n if (model)\n {\n if (model == 'Alienware m15 R6') fix = '1.3.3';\n else if (model == 'ChengMing 3990') fix = '1.4.1';\n else if (model == 'ChengMing 3991') fix = '1.4.1';\n else if (model == 'Dell G15 5510') fix = '1.4.0';\n else if (model == 'Dell G15 5511') fix = '1.3.3';\n else if (model == 'Dell G3 3500') fix = '1.9.0';\n else if (model == 'Dell G5 5500') fix = '1.9.0';\n else if (model == 'Dell G7 7500') fix = '1.9.0';\n else if (model == 'Dell G7 7700') fix = '1.9.0';\n else if (model == 'Inspiron 14 5418') fix = '2.1.0';\n else if (model == 'Inspiron 15 5518') fix = '2.1.0';\n else if (model == 'Inspiron 15 7510') fix = '1.0.4';\n else if (model == 'Inspiron 3501') fix = '1.6.0';\n else if (model == 'Inspiron 3880') fix = '1.4.1';\n else if (model == 'Inspiron 3881') fix = '1.4.1';\n else if (model == 'Inspiron 3891') fix = '1.0.11';\n else if (model == 'Inspiron 5300') fix = '1.7.1';\n else if (model == 'Inspiron 5301') fix = '1.8.1';\n else if (model == 'Inspiron 5310') fix = '2.1.0';\n else if (model == 'Inspiron 5400 2n1') fix = '1.7.0';\n else if (model == 'Inspiron 5400 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 5401') fix = '1.7.2';\n else if (model == 'Inspiron 5401 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 5402') fix = '1.5.1';\n else if (model == 'Inspiron 5406 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 5408') fix = '1.7.2';\n else if (model == 'Inspiron 5409') fix = '1.5.1';\n else if (model == 'Inspiron 5410 2-in-1') fix = '2.1.0';\n else if (model == 'Inspiron 5501') fix = '1.7.2';\n else if (model == 'Inspiron 5502') fix = '1.5.1';\n else if (model == 'Inspiron 5508') fix = '1.7.2';\n else if (model == 'Inspiron 5509') fix = '1.5.1';\n else if (model == 'Inspiron 7300') fix = '1.8.1';\n else if (model == 'Inspiron 7300 2n1') fix = '1.3.0';\n else if (model == 'Inspiron 7306 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 7400') fix = '1.8.1';\n else if (model == 'Inspiron 7500') fix = '1.8.0';\n else if (model == 'Inspiron 7500 2n1 - Black') fix = '1.3.0';\n else if (model == 'Inspiron 7500 2n1 - Silver') fix = '1.3.0';\n else if (model == 'Inspiron 7501') fix = '1.8.0';\n else if (model == 'Inspiron 7506 2n1') fix = '1.5.1';\n else if (model == 'Inspiron 7610') fix = '1.0.4';\n else if (model == 'Inspiron 7700 AIO') fix = '1.4.0';\n else if (model == 'Inspiron 7706 2n1') fix = '1.5.1';\n else if (model == 'Latitude 3120') fix = '1.1.0';\n else if (model == 'Latitude 3320') fix = '1.4.0';\n else if (model == 'Latitude 3410') fix = '1.9.0';\n else if (model == 'Latitude 3420') fix = '1.8.0';\n else if (model == 'Latitude 3510') fix = '1.9.0';\n else if (model == 'Latitude 3520') fix = '1.8.0';\n else if (model == 'Latitude 5310') fix = '1.7.0';\n else if (model == 'Latitude 5310 2 in 1') fix = '1.7.0';\n else if (model == 'Latitude 5320') fix = '1.7.1';\n else if (model == 'Latitude 5320 2-in-1') fix = '1.7.1';\n else if (model == 'Latitude 5410') fix = '1.6.0';\n else if (model == 'Latitude 5411') fix = '1.6.0';\n else if (model == 'Latitude 5420') fix = '1.8.0';\n else if (model == 'Latitude 5510') fix = '1.6.0';\n else if (model == 'Latitude 5511') fix = '1.6.0';\n else if (model == 'Latitude 5520') fix = '1.7.1';\n else if (model == 'Latitude 5521') fix = '1.3.0';\n else if (model == 'Latitude 7210 2-in-1') fix = '1.7.0';\n else if (model == 'Latitude 7310') fix = '1.7.0';\n else if (model == 'Latitude 7320') fix = '1.7.1';\n else if (model == 'Latitude 7320 Detachable') fix = '1.4.0';\n else if (model == 'Latitude 7410') fix = '1.7.0';\n else if (model == 'Latitude 7420') fix = '1.7.1';\n else if (model == 'Latitude 7520') fix = '1.7.1';\n else if (model == 'Latitude 9410') fix = '1.7.0';\n else if (model == 'Latitude 9420') fix = '1.4.1';\n else if (model == 'Latitude 9510') fix = '1.6.0';\n else if (model == 'Latitude 9520') fix = '1.5.2';\n else if (model == 'Latitude 5421') fix = '1.3.0';\n else if (model == 'OptiPlex 3080') fix = '2.1.1';\n else if (model == 'OptiPlex 3090 UFF') fix = '1.2.0';\n else if (model == 'OptiPlex 3280 All-in-One') fix = '1.7.0';\n else if (model == 'OptiPlex 5080') fix = '1.4.0';\n else if (model == 'OptiPlex 5090 Tower') fix = '1.1.35';\n else if (model == 'OptiPlex 5490 AIO') fix = '1.3.0';\n else if (model == 'OptiPlex 7080') fix = '1.4.0';\n else if (model == 'OptiPlex 7090 Tower') fix = '1.1.35';\n else if (model == 'OptiPlex 7090 UFF') fix = '1.2.0';\n else if (model == 'OptiPlex 7480 All-in-One') fix = '1.7.0';\n else if (model == 'OptiPlex 7490 All-in-One') fix = '1.3.0';\n else if (model == 'OptiPlex 7780 All-in-One') fix = '1.7.0';\n else if (model == 'Precision 17 M5750') fix = '1.8.2';\n else if (model == 'Precision 3440') fix = '1.4.0';\n else if (model == 'Precision 3450') fix = '1.1.35';\n else if (model == 'Precision 3550') fix = '1.6.0';\n else if (model == 'Precision 3551') fix = '1.6.0';\n else if (model == 'Precision 3560') fix = '1.7.1';\n else if (model == 'Precision 3561') fix = '1.3.0';\n else if (model == 'Precision 3640') fix = '1.6.2';\n else if (model == 'Precision 3650 MT') fix = '1.2.0';\n else if (model == 'Precision 5550') fix = '1.8.1';\n else if (model == 'Precision 5560') fix = '1.3.2';\n else if (model == 'Precision 5760') fix = '1.1.3';\n else if (model == 'Precision 7550') fix = '1.8.0';\n else if (model == 'Precision 7560') fix = '1.1.2';\n else if (model == 'Precision 7750') fix = '1.8.0';\n else if (model == 'Precision 7760') fix = '1.1.2';\n else if (model == 'Vostro 14 5410') fix = '2.1.0';\n else if (model == 'Vostro 15 5510') fix = '2.1.0';\n else if (model == 'Vostro 15 7510') fix = '1.0.4';\n else if (model == 'Vostro 3400') fix = '1.6.0';\n else if (model == 'Vostro 3500') fix = '1.6.0';\n else if (model == 'Vostro 3501') fix = '1.6.0';\n else if (model == 'Vostro 3681') fix = '2.4.0';\n else if (model == 'Vostro 3690') fix = '1.0.11';\n else if (model == 'Vostro 3881') fix = '2.4.0';\n else if (model == 'Vostro 3888') fix = '2.4.0';\n else if (model == 'Vostro 3890') fix = '1.0.11';\n else if (model == 'Vostro 5300') fix = '1.7.1';\n else if (model == 'Vostro 5301') fix = '1.8.1';\n else if (model == 'Vostro 5310') fix = '2.1.0';\n else if (model == 'Vostro 5401') fix = '1.7.2';\n else if (model == 'Vostro 5402') fix = '1.5.1';\n else if (model == 'Vostro 5501') fix = '1.7.2';\n else if (model == 'Vostro 5502') fix = '1.5.1';\n else if (model == 'Vostro 5880') fix = '1.4.0';\n else if (model == 'Vostro 5890') fix = '1.0.11';\n else if (model == 'Vostro 7500') fix = '1.8.0';\n else if (model == 'XPS 13 9305') fix = '1.0.8';\n else if (model == 'XPS 13 2in1 9310') fix = '2.3.3';\n else if (model == 'XPS 13 9310') fix = '3.0.0';\n else if (model == 'XPS 15 9500') fix = '1.8.1';\n else if (model == 'XPS 15 9510') fix = '1.3.2';\n else if (model == 'XPS 17 9700') fix = '1.8.2';\n else if (model == 'XPS 17 9710') fix = '1.1.3';\n else\n {\n audit(AUDIT_HOST_NOT, 'an affected model');\n }\n }\n else\n {\n audit(AUDIT_HOST_NOT, 'an affected model');\n }\n var constraints = [{ 'fixed_version' : fix }];\n vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n}\nelse\n{\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "naslFamily": "Windows", "cpe": ["cpe:/o:microsoft:windows"], "solution": "Check vendor advisory.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21574", "vpr": {"risk factor": "High", "score": "8.1"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-06-24T00:00:00", "vulnerabilityPublicationDate": "2020-06-24T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}], "cve": [{"id": "CVE-2021-21572", "bulletinFamily": "NVD", "title": "CVE-2021-21572", "description": "Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.", "published": "2021-06-24T17:15:00", "modified": "2021-06-30T19:38:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21572", "reporter": "secure@dell.com", "references": ["https://www.dell.com/support/kbdoc/en-us/000188682"], "cvelist": ["CVE-2021-21572"], "immutableFields": [], "type": "cve", "lastseen": "2021-07-01T07:45:29", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2021-21572"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-06-25T07:43:25", "references": [{"idList": ["THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B"], "type": "threatpost"}, {"idList": ["THN:4550628882A8CE6800C295FA8372B47F"], "type": "thn"}], "rev": 2}, "score": {"modified": "2021-06-25T07:43:25", "rev": 2, "value": 4.0, "vector": "NONE"}, "twitter": {"counter": 13, "modified": "2021-06-25T07:43:25", "tweets": [{"link": "https://twitter.com/evilsocket/status/1409121446085939207", "text": "CVE-2021-21571 + (CVE-2021-21572 || CVE-2021-21573 || CVE-2021-21574) = RCE at the BIOS level via MITM attack most likely even just CVE-2021-21571 is enough"}, {"link": "https://twitter.com/ipssignatures/status/1409135429924929536", "text": "I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-21572.\nThe vuln was published 2 days ago by NIST.\n/search?src=sprv&q=CVE-2021-21572\n/hashtag/Sszcoig3y3ce3y?src=hashtag_click"}, {"link": "https://twitter.com/stuart_smiles/status/1408416113893990403", "text": "Dell machines BIOS to update ...\n\nhttps://t.co/tAzIBFz7qL?amp=1\n\nDell link\nhttps://t.co/rZ2MuYPFeG?amp=1\n\nCVE-2021-21571\nCVE-2021-21572\nCVE-2021-21573\nCVE-2021-21574"}, {"link": "https://twitter.com/www_sesin_at/status/1410333622436048896", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-21572 (alienware_m15_r6_firmware, chengming_3990_firmware, chengming_3991_firmware, g15_5510_firmware, g15_5511_firmware, g3_3500_firmware, g5_5500_firmware, g7_7500_firmware, ...) has been published on https://t.co/N1nS9C9TE8?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1408385012169330689", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (Dell BIOSConnect buffer overflow [CVE-2021-21572]) has been published on https://t.co/JNWqYtJKGe?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1410333629033689093", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-21572 (alienware_m15_r6_firmware, chengming_3990_firmware, chengming_3991_firmware, g15_5510_firmware, g15_5511_firmware, g3_3500_firmware, g5_5500_firmware, g7_7500_firmware, ...) has been published on https://t.co/Tk1qfK2a7p?amp=1"}, {"link": "https://twitter.com/foxbook/status/1409234305423904769", "text": "CVE-2021-21572 / CVE-2021-21573 / CVE-2021-21574 \u306f BIOSConnect \u6a5f\u80fd\u306b\u5b58\u5728\u3059\u308b\u30d0\u30c3\u30d5\u30a1\u30fc\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u3060\u3002\u30ed\u30fc\u30ab\u30eb\u3067\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u8a8d\u8a3c\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u304c\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u3053\u3068\u3067\u3001UEFI \u306b\u3088\u308b\u5236\u9650\u3092\u8fc2\u56de\u3057\u3066\u4efb\u610f\u30b3\u30fc\u30c9\u306e\u5b9f\u884c\u304c\u53ef\u80fd\u306b\u306a\u308b\u3002\uff08CVSS7.2)"}, {"link": "https://twitter.com/AsiifCo/status/1409859267176325122", "text": "/AcademicoCert CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574, are buffer overflow vulnerabilities /Dell\n/hashtag/Exploit?src=hashtag_click /hashtag/Dell?src=hashtag_click /hashtag/infosec?src=hashtag_click /hashtag/insecurity?src=hashtag_click https://t.co/OQ9RMpDQaq?amp=1"}, {"link": "https://twitter.com/FragmentedSoul5/status/1408949943134457862", "text": "/hashtag/Dell?src=hashtag_click SupportAssist vulnerability affects 30 million PCs\n\nPre-installed on most Dell//hashtag/Windows?src=hashtag_click\n\nCVE-2021-21571 that causes an insecure TLS connection from BIOS to Dell & 3 overflow vulnerabilities CVE-2021-21572, CVE-2021-21573, CVE-2021-21574\n\n/hashtag/infosec?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1409135430587539456", "text": "The vuln CVE-2021-21572 has a tweet created 0 days ago and retweeted 7 times.\n/evilsocket/status/1409121446085939207\n/hashtag/Sszcoig3y3ce3y?src=hashtag_click"}]}}, "extraReferences": [{"name": "N/A", "refsource": "CONFIRM", "tags": [], "url": "https://www.dell.com/support/kbdoc/en-us/000188682"}], "hash": "0db45a49e0e10e24481b3d582c500472a066e9351251c1ff6d340fdc5e2034cf", "hashmap": [{"hash": "f9fb1702d735df54d6e2de3873534292", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "5a79a34534ae5a7426c39cb87977b0aa", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "cfd59118fa85a5e3729e18719c68df76", "key": "modified"}, {"hash": "5187da6bb66052f886718c79d5028cb2", "key": "extraReferences"}, {"hash": "b1ffd8152d33e51da11dc0b898c111fc", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "a08c96f1d89d79819ccc7d1866a65635", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "33879993ef5691c6256bb94ea3d57b74", "key": "references"}, {"hash": "b6c7b541e5fa503c16fbcefc8848159d", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "7a3c12dd98620f950cad4213d89db926", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21572", "id": "CVE-2021-21572", "immutableFields": [], "lastseen": "2021-06-25T07:43:25", "modified": "2021-06-24T17:36:00", "objectVersion": "1.5", "published": "2021-06-24T17:15:00", "references": ["https://www.dell.com/support/kbdoc/en-us/000188682"], "reporter": "secure@dell.com", "title": "CVE-2021-21572", "type": "cve", "viewCount": 14}, "different_elements": ["extraReferences", "cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "affectedConfiguration", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2021-06-25T07:43:25"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "1b0e6890338eb149ff1887c442854cbb"}, {"key": "affectedSoftware", "hash": "0684483ba9ac20977198a8f5b9822e56"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "33e8eccfb1f23f93c8e1cb6f2575ce1e"}, {"key": "cpe23", "hash": "dafc1552530ca9a73c495aa5caee1b0b"}, {"key": "cpeConfiguration", "hash": "d32331fa1cfb6689b1fb3f31067ed966"}, {"key": "cvelist", "hash": "5a79a34534ae5a7426c39cb87977b0aa"}, {"key": "cvss", "hash": "d5f1840e27443eb2d6a17b941080264e"}, {"key": "cvss2", "hash": "e1770ac752f40d8080b8d7ce02c354ad"}, {"key": "cvss3", "hash": "16f804bdc9e10451375cbc60d3505e68"}, {"key": "cwe", "hash": "661a69d232e07fc7aadb258325e71df8"}, {"key": "description", "hash": "f9fb1702d735df54d6e2de3873534292"}, {"key": "extraReferences", "hash": "472213abfa54a6a1821976638239a97c"}, {"key": "href", "hash": "b6c7b541e5fa503c16fbcefc8848159d"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "9d740481eb3a6af0a43a052db7a043fe"}, {"key": "published", "hash": "7a3c12dd98620f950cad4213d89db926"}, {"key": "references", "hash": "33879993ef5691c6256bb94ea3d57b74"}, {"key": "reporter", "hash": "b1ffd8152d33e51da11dc0b898c111fc"}, {"key": "title", "hash": "a08c96f1d89d79819ccc7d1866a65635"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "9132f5ee63a2b2ae831c1576386014133300d0796ebb5495d913df4fdc449d1a", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["DELL_BIOS_DSA-2021-106.NASL"]}, {"type": "thn", "idList": ["THN:4550628882A8CE6800C295FA8372B47F"]}, {"type": "threatpost", "idList": ["THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B"]}], "modified": "2021-07-01T07:45:29", "rev": 2}, "score": {"value": 4.0, "vector": "NONE", "modified": "2021-07-01T07:45:29", "rev": 2}, "twitter": {"counter": 13, "modified": "2021-06-25T07:43:25", "tweets": [{"link": "https://twitter.com/evilsocket/status/1409121446085939207", "text": "CVE-2021-21571 + (CVE-2021-21572 || CVE-2021-21573 || CVE-2021-21574) = RCE at the BIOS level via MITM attack most likely even just CVE-2021-21571 is enough"}, {"link": "https://twitter.com/ipssignatures/status/1409135429924929536", "text": "I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-21572.\nThe vuln was published 2 days ago by NIST.\n/search?src=sprv&q=CVE-2021-21572\n/hashtag/Sszcoig3y3ce3y?src=hashtag_click"}, {"link": "https://twitter.com/stuart_smiles/status/1408416113893990403", "text": "Dell machines BIOS to update ...\n\nhttps://t.co/tAzIBFz7qL?amp=1\n\nDell link\nhttps://t.co/rZ2MuYPFeG?amp=1\n\nCVE-2021-21571\nCVE-2021-21572\nCVE-2021-21573\nCVE-2021-21574"}, {"link": "https://twitter.com/www_sesin_at/status/1410333622436048896", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-21572 (alienware_m15_r6_firmware, chengming_3990_firmware, chengming_3991_firmware, g15_5510_firmware, g15_5511_firmware, g3_3500_firmware, g5_5500_firmware, g7_7500_firmware, ...) has been published on https://t.co/N1nS9C9TE8?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1408385012169330689", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (Dell BIOSConnect buffer overflow [CVE-2021-21572]) has been published on https://t.co/JNWqYtJKGe?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1410333629033689093", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-21572 (alienware_m15_r6_firmware, chengming_3990_firmware, chengming_3991_firmware, g15_5510_firmware, g15_5511_firmware, g3_3500_firmware, g5_5500_firmware, g7_7500_firmware, ...) has been published on https://t.co/Tk1qfK2a7p?amp=1"}, {"link": "https://twitter.com/foxbook/status/1409234305423904769", "text": "CVE-2021-21572 / CVE-2021-21573 / CVE-2021-21574 \u306f BIOSConnect \u6a5f\u80fd\u306b\u5b58\u5728\u3059\u308b\u30d0\u30c3\u30d5\u30a1\u30fc\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\u3060\u3002\u30ed\u30fc\u30ab\u30eb\u3067\u30b7\u30b9\u30c6\u30e0\u306b\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u8a8d\u8a3c\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u304c\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u3053\u3068\u3067\u3001UEFI \u306b\u3088\u308b\u5236\u9650\u3092\u8fc2\u56de\u3057\u3066\u4efb\u610f\u30b3\u30fc\u30c9\u306e\u5b9f\u884c\u304c\u53ef\u80fd\u306b\u306a\u308b\u3002\uff08CVSS7.2)"}, {"link": "https://twitter.com/AsiifCo/status/1409859267176325122", "text": "/AcademicoCert CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574, are buffer overflow vulnerabilities /Dell\n/hashtag/Exploit?src=hashtag_click /hashtag/Dell?src=hashtag_click /hashtag/infosec?src=hashtag_click /hashtag/insecurity?src=hashtag_click https://t.co/OQ9RMpDQaq?amp=1"}, {"link": "https://twitter.com/FragmentedSoul5/status/1408949943134457862", "text": "/hashtag/Dell?src=hashtag_click SupportAssist vulnerability affects 30 million PCs\n\nPre-installed on most Dell//hashtag/Windows?src=hashtag_click\n\nCVE-2021-21571 that causes an insecure TLS connection from BIOS to Dell & 3 overflow vulnerabilities CVE-2021-21572, CVE-2021-21573, CVE-2021-21574\n\n/hashtag/infosec?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1409135430587539456", "text": "The vuln CVE-2021-21572 has a tweet created 0 days ago and retweeted 7 times.\n/evilsocket/status/1409121446085939207\n/hashtag/Sszcoig3y3ce3y?src=hashtag_click"}]}}, "objectVersion": "1.5", "cpe": ["cpe:/o:dell:g3_3500_firmware:1.9.0"], "affectedSoftware": [{"cpeName": "dell:precision_7560_firmware", "name": "dell precision 7560 firmware", "operator": "lt", "version": "1.1.2"}, {"cpeName": "dell:optiplex_5490_aio_firmware", "name": "dell optiplex 5490 aio firmware", "operator": "lt", "version": "1.3.0"}, {"cpeName": "dell:inspiron_5402_firmware", "name": "dell inspiron 5402 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:latitude_5520_firmware", "name": "dell latitude 5520 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:vostro_5310_firmware", "name": "dell vostro 5310 firmware", "operator": "lt", "version": "2.1.0"}, {"cpeName": "dell:latitude_7320_detachable_firmware", "name": "dell latitude 7320 detachable firmware", "operator": "lt", "version": "1.4.0_a04"}, {"cpeName": "dell:vostro_3501_firmware", "name": "dell vostro 3501 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:precision_5560_firmware", "name": "dell precision 5560 firmware", "operator": "lt", "version": "1.3.2"}, {"cpeName": "dell:precision_3650_mt_firmware", "name": "dell precision 3650 mt firmware", "operator": "lt", "version": "1.2.0"}, {"cpeName": "dell:latitude_9510_firmware", "name": "dell latitude 9510 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:inspiron_15_5518_firmware", "name": "dell inspiron 15 5518 firmware", "operator": "lt", "version": "2.1.0_a06"}, {"cpeName": "dell:optiplex_5080_firmware", "name": "dell optiplex 5080 firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:vostro_5890_firmware", "name": "dell vostro 5890 firmware", "operator": "lt", "version": "1.0.11"}, {"cpeName": "dell:inspiron_7506_firmware", "name": "dell inspiron 7506 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:g15_5511_firmware", "name": "dell g15 5511 firmware", "operator": "lt", "version": "1.3.3"}, {"cpeName": "dell:latitude_7310_firmware", "name": "dell latitude 7310 firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:optiplex_3080_firmware", "name": "dell optiplex 3080 firmware", "operator": "lt", "version": "2.1.1"}, {"cpeName": "dell:inspiron_15_7510_firmware", "name": "dell inspiron 15 7510 firmware", "operator": "lt", "version": "1.0.4"}, {"cpeName": "dell:latitude_5320_firmware", "name": "dell latitude 5320 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:optiplex_7090_uff_firmware", "name": "dell optiplex 7090 uff firmware", "operator": "lt", "version": "1.2.0"}, {"cpeName": "dell:inspiron_5410_2-in-1_firmware", "name": "dell inspiron 5410 2-in-1 firmware", "operator": "lt", "version": "2.1.0"}, {"cpeName": "dell:vostro_5502_firmware", "name": "dell vostro 5502 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:inspiron_5508_firmware", "name": "dell inspiron 5508 firmware", "operator": "lt", "version": "1.7.2"}, {"cpeName": "dell:inspiron_7500_2-in-1_firmware", "name": "dell inspiron 7500 2-in-1 firmware", "operator": "lt", "version": "1.3.0"}, {"cpeName": "dell:latitude_5310_firmware", "name": "dell latitude 5310 firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:chengming_3991_firmware", "name": "dell chengming 3991 firmware", "operator": "lt", "version": "1.4.1"}, {"cpeName": "dell:vostro_5880_firmware", "name": "dell vostro 5880 firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:latitude_5521_firmware", "name": "dell latitude 5521 firmware", "operator": "lt", "version": "1.3.0_a03"}, {"cpeName": "dell:latitude_7410_firmware", "name": "dell latitude 7410 firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:latitude_3420_firmware", "name": "dell latitude 3420 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:vostro_3890_firmware", "name": "dell vostro 3890 firmware", "operator": "lt", "version": "1.0.11"}, {"cpeName": "dell:inspiron_7501_firmware", "name": "dell inspiron 7501 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:optiplex_7480_all-in-one_firmware", "name": "dell optiplex 7480 all-in-one firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:inspiron_5400_2-in-1_firmware", "name": "dell inspiron 5400 2-in-1 firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:latitude_5510_firmware", "name": "dell latitude 5510 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:latitude_5421_firmware", "name": "dell latitude 5421 firmware", "operator": "lt", "version": "1.3.0_a03"}, {"cpeName": "dell:xps_15_9500_firmware", "name": "dell xps 15 9500 firmware", "operator": "lt", "version": "1.8.1"}, {"cpeName": "dell:g3_3500_firmware", "name": "dell g3 3500 firmware", "operator": "le", "version": "1.9.0"}, {"cpeName": "dell:xps_17_9700_firmware", "name": "dell xps 17 9700 firmware", "operator": "lt", "version": "1.8.2"}, {"cpeName": "dell:precision_3550_firmware", "name": "dell precision 3550 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:precision_7750_firmware", "name": "dell precision 7750 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:inspiron_3501_firmware", "name": "dell inspiron 3501 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:vostro_7500_firmware", "name": "dell vostro 7500 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:latitude_5411_firmware", "name": "dell latitude 5411 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:inspiron_5400_aio_firmware", "name": "dell inspiron 5400 aio firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:vostro_5402_firmware", "name": "dell vostro 5402 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:optiplex_7780_all-in-one_firmware", "name": "dell optiplex 7780 all-in-one firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:latitude_7520_firmware", "name": "dell latitude 7520 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:latitude_5511_firmware", "name": "dell latitude 5511 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:alienware_m15_r6_firmware", "name": "dell alienware m15 r6 firmware", "operator": "lt", "version": "1.3.3"}, {"cpeName": "dell:precision_5760_firmware", "name": "dell precision 5760 firmware", "operator": "lt", "version": "1.1.3"}, {"cpeName": "dell:xps_13_9310_firmware", "name": "dell xps 13 9310 firmware", "operator": "lt", "version": "3.0.0"}, {"cpeName": "dell:optiplex_7490_all-in-one_firmware", "name": "dell optiplex 7490 all-in-one firmware", "operator": "lt", "version": "1.3.0"}, {"cpeName": "dell:precision_7550_firmware", "name": "dell precision 7550 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:vostro_5501_firmware", "name": "dell vostro 5501 firmware", "operator": "lt", "version": "1.7.2"}, {"cpeName": "dell:latitude_5410_firmware", "name": "dell latitude 5410 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:latitude_7320_firmware", "name": "dell latitude 7320 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:precision_3551_firmware", "name": "dell precision 3551 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:xps_13_9305_firmware", "name": "dell xps 13 9305 firmware", "operator": "lt", "version": "1.0.8"}, {"cpeName": "dell:inspiron_7300_2-in-1_firmware", "name": "dell inspiron 7300 2-in-1 firmware", "operator": "lt", "version": "1.3.0"}, {"cpeName": "dell:latitude_5420_firmware", "name": "dell latitude 5420 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:precision_17_m5750_firmware", "name": "dell precision 17 m5750 firmware", "operator": "lt", "version": "1.8.2"}, {"cpeName": "dell:optiplex_3280_all-in-one_firmware", "name": "dell optiplex 3280 all-in-one firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:chengming_3990_firmware", "name": "dell chengming 3990 firmware", "operator": "lt", "version": "1.4.1"}, {"cpeName": "dell:vostro_3500_firmware", "name": "dell vostro 3500 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:inspiron_5300_firmware", "name": "dell inspiron 5300 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:latitude_5310_2-in-1_firmware", "name": "dell latitude 5310 2-in-1 firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:g5_5500_firmware", "name": "dell g5 5500 firmware", "operator": "lt", "version": "1.9.0"}, {"cpeName": "dell:precision_3640_firmware", "name": "dell precision 3640 firmware", "operator": "lt", "version": "1.6.2"}, {"cpeName": "dell:vostro_3690_firmware", "name": "dell vostro 3690 firmware", "operator": "lt", "version": "1.0.11"}, {"cpeName": "dell:inspiron_5502_firmware", "name": "dell inspiron 5502 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:inspiron_7706_2-in-1_firmware", "name": "dell inspiron 7706 2-in-1 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:optiplex_5090_tower_firmware", "name": "dell optiplex 5090 tower firmware", "operator": "lt", "version": "1.1.35"}, {"cpeName": "dell:inspiron_5301_firmware", "name": "dell inspiron 5301 firmware", "operator": "lt", "version": "1.8.1"}, {"cpeName": "dell:inspiron_5501_firmware", "name": "dell inspiron 5501 firmware", "operator": "lt", "version": "1.7.2"}, {"cpeName": "dell:optiplex_7080_firmware", "name": "dell optiplex 7080 firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:inspiron_14_5418_firmware", "name": "dell inspiron 14 5418 firmware", "operator": "lt", "version": "2.1.0_a06"}, {"cpeName": "dell:precision_3561_firmware", "name": "dell precision 3561 firmware", "operator": "lt", "version": "1.3.0_a03"}, {"cpeName": "dell:vostro_3681_firmware", "name": "dell vostro 3681 firmware", "operator": "lt", "version": "2.4.0"}, {"cpeName": "dell:optiplex_3090_uff_firmware", "name": "dell optiplex 3090 uff firmware", "operator": "lt", "version": "1.2.0"}, {"cpeName": "dell:vostro_3400_firmware", "name": "dell vostro 3400 firmware", "operator": "lt", "version": "1.6.0"}, {"cpeName": "dell:vostro_3888_firmware", "name": "dell vostro 3888 firmware", "operator": "lt", "version": "2.4.0"}, {"cpeName": "dell:xps_15_9510_firmware", "name": "dell xps 15 9510 firmware", "operator": "lt", "version": "1.3.2"}, {"cpeName": "dell:latitude_7420_firmware", "name": "dell latitude 7420 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:latitude_3410_firmware", "name": "dell latitude 3410 firmware", "operator": "lt", "version": "1.9.0"}, {"cpeName": "dell:g15_5510_firmware", "name": "dell g15 5510 firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:latitude_9520_firmware", "name": "dell latitude 9520 firmware", "operator": "lt", "version": "1.5.2"}, {"cpeName": "dell:latitude_5320_2-in-1_firmware", "name": "dell latitude 5320 2-in-1 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:vostro_3881_firmware", "name": "dell vostro 3881 firmware", "operator": "lt", "version": "2.4.0"}, {"cpeName": "dell:g7_7500_firmware", "name": "dell g7 7500 firmware", "operator": "lt", "version": "1.9.0"}, {"cpeName": "dell:inspiron_5409_firmware", "name": "dell inspiron 5409 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:inspiron_7306_2-in-1_firmware", "name": "dell inspiron 7306 2-in-1 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:latitude_3120_firmware", "name": "dell latitude 3120 firmware", "operator": "lt", "version": "1.1.0"}, {"cpeName": "dell:precision_3450_firmware", "name": "dell precision 3450 firmware", "operator": "lt", "version": "1.1.35"}, {"cpeName": "dell:precision_3560_firmware", "name": "dell precision 3560 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:latitude_3320_firmware", "name": "dell latitude 3320 firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:latitude_3520_firmware", "name": "dell latitude 3520 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:optiplex_7090_tower_firmware", "name": "dell optiplex 7090 tower firmware", "operator": "lt", "version": "1.1.35"}, {"cpeName": "dell:inspiron_7400_firmware", "name": "dell inspiron 7400 firmware", "operator": "lt", "version": "1.8.1"}, {"cpeName": "dell:precision_7760_firmware", "name": "dell precision 7760 firmware", "operator": "lt", "version": "1.1.2"}, {"cpeName": "dell:vostro_5300_firmware", "name": "dell vostro 5300 firmware", "operator": "lt", "version": "1.7.1"}, {"cpeName": "dell:inspiron_3881_firmware", "name": "dell inspiron 3881 firmware", "operator": "lt", "version": "1.4.1"}, {"cpeName": "dell:inspiron_3880_firmware", "name": "dell inspiron 3880 firmware", "operator": "lt", "version": "1.4.1"}, {"cpeName": "dell:xps_13_2in1_9310_firmware", "name": "dell xps 13 2in1 9310 firmware", "operator": "lt", "version": "2.3.3"}, {"cpeName": "dell:g7_7700_firmware", "name": "dell g7 7700 firmware", "operator": "lt", "version": "1.9.0"}, {"cpeName": "dell:latitude_7210_2-in-1_firmware", "name": "dell latitude 7210 2-in-1 firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:vostro_15_5510_firmware", "name": "dell vostro 15 5510 firmware", "operator": "lt", "version": "2.1.0_a06"}, {"cpeName": "dell:latitude_9410_firmware", "name": "dell latitude 9410 firmware", "operator": "lt", "version": "1.7.0"}, {"cpeName": "dell:vostro_15_7510_firmware", "name": "dell vostro 15 7510 firmware", "operator": "lt", "version": "1.0.4"}, {"cpeName": "dell:precision_5550_firmware", "name": "dell precision 5550 firmware", "operator": "lt", "version": "1.8.1"}, {"cpeName": "dell:vostro_5401_firmware", "name": "dell vostro 5401 firmware", "operator": "lt", "version": "1.7.2"}, {"cpeName": "dell:precision_3440_firmware", "name": "dell precision 3440 firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:inspiron_5408_firmware", "name": "dell inspiron 5408 firmware", "operator": "lt", "version": "1.7.2"}, {"cpeName": "dell:inspiron_7610_firmware", "name": "dell inspiron 7610 firmware", "operator": "lt", "version": "1.0.4"}, {"cpeName": "dell:inspiron_3891_firmware", "name": "dell inspiron 3891 firmware", "operator": "lt", "version": "1.0.11"}, {"cpeName": "dell:vostro_5301_firmware", "name": "dell vostro 5301 firmware", "operator": "lt", "version": "1.8.1"}, {"cpeName": "dell:inspiron_5401_firmware", "name": "dell inspiron 5401 firmware", "operator": "lt", "version": "1.7.2"}, {"cpeName": "dell:latitude_9420_firmware", "name": "dell latitude 9420 firmware", "operator": "lt", "version": "1.4.1"}, {"cpeName": "dell:inspiron_7700_aio_firmware", "name": "dell inspiron 7700 aio firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:vostro_14_5410_firmware", "name": "dell vostro 14 5410 firmware", "operator": "lt", "version": "2.1.0_a06"}, {"cpeName": "dell:inspiron_5406_2n1_firmware", "name": "dell inspiron 5406 2n1 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:latitude_3510_firmware", "name": "dell latitude 3510 firmware", "operator": "lt", "version": "1.9.0"}, {"cpeName": "dell:inspiron_7500_firmware", "name": "dell inspiron 7500 firmware", "operator": "lt", "version": "1.8.0"}, {"cpeName": "dell:inspiron_5509_firmware", "name": "dell inspiron 5509 firmware", "operator": "lt", "version": "1.5.1"}, {"cpeName": "dell:inspiron_5310_firmware", "name": "dell inspiron 5310 firmware", "operator": "lt", "version": "2.1.0"}, {"cpeName": "dell:inspiron_5401_aio_firmware", "name": "dell inspiron 5401 aio firmware", "operator": "lt", "version": "1.4.0"}, {"cpeName": "dell:xps_17_9710_firmware", "name": "dell xps 17 9710 firmware", "operator": "lt", "version": "1.1.3"}, {"cpeName": "dell:inspiron_7300_firmware", "name": "dell inspiron 7300 firmware", "operator": "lt", "version": "1.8.1"}], "affectedConfiguration": [{"cpeName": "dell:vostro_3681", "name": "dell vostro 3681", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_15_5518", "name": "dell inspiron 15 5518", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7400", "name": "dell inspiron 7400", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_7090_uff", "name": "dell optiplex 7090 uff", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_7550", "name": "dell precision 7550", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5401_aio", "name": "dell inspiron 5401 aio", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_3501", "name": "dell inspiron 3501", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5508", "name": "dell inspiron 5508", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5400_aio", "name": "dell inspiron 5400 aio", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_3690", "name": "dell vostro 3690", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5409", "name": "dell inspiron 5409", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_3881", "name": "dell vostro 3881", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_3320", "name": "dell latitude 3320", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5410_2-in-1", "name": "dell inspiron 5410 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5421", "name": "dell latitude 5421", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_3888", "name": "dell vostro 3888", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_7760", "name": "dell precision 7760", "operator": "eq", "version": "-"}, {"cpeName": "dell:xps_13_2in1_9310", "name": "dell xps 13 2in1 9310", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_3500", "name": "dell vostro 3500", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_7320_detachable", "name": "dell latitude 7320 detachable", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_5550", "name": "dell precision 5550", "operator": "eq", "version": "-"}, {"cpeName": "dell:xps_15_9500", "name": "dell xps 15 9500", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3550", "name": "dell precision 3550", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_3080", "name": "dell optiplex 3080", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_9520", "name": "dell latitude 9520", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_7410", "name": "dell latitude 7410", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5310_2-in-1", "name": "dell latitude 5310 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_3420", "name": "dell latitude 3420", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_7310", "name": "dell latitude 7310", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7610", "name": "dell inspiron 7610", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5502", "name": "dell vostro 5502", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5300", "name": "dell vostro 5300", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7700_aio", "name": "dell inspiron 7700 aio", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3640", "name": "dell precision 3640", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_9510", "name": "dell latitude 9510", "operator": "eq", "version": "-"}, {"cpeName": "dell:xps_13_9310", "name": "dell xps 13 9310", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_5080", "name": "dell optiplex 5080", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_3890", "name": "dell vostro 3890", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_5760", "name": "dell precision 5760", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5501", "name": "dell inspiron 5501", "operator": "eq", "version": "-"}, {"cpeName": "dell:xps_17_9710", "name": "dell xps 17 9710", "operator": "eq", "version": "-"}, {"cpeName": "dell:g15_5511", "name": "dell g15 5511", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_7420", "name": "dell latitude 7420", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5520", "name": "dell latitude 5520", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_7480_all-in-one", "name": "dell optiplex 7480 all-in-one", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5310", "name": "dell inspiron 5310", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_3090_uff", "name": "dell optiplex 3090 uff", "operator": "eq", "version": "-"}, {"cpeName": "dell:xps_15_9510", "name": "dell xps 15 9510", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5401", "name": "dell inspiron 5401", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7500_2-in-1", "name": "dell inspiron 7500 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_17_m5750", "name": "dell precision 17 m5750", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5502", "name": "dell inspiron 5502", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5890", "name": "dell vostro 5890", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_3891", "name": "dell inspiron 3891", "operator": "eq", "version": "-"}, {"cpeName": "dell:g5_5500", "name": "dell g5 5500", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5510", "name": "dell latitude 5510", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_7490_all-in-one", "name": "dell optiplex 7490 all-in-one", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_15_7510", "name": "dell vostro 15 7510", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5406_2n1", "name": "dell inspiron 5406 2n1", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_7780_all-in-one", "name": "dell optiplex 7780 all-in-one", "operator": "eq", "version": "-"}, {"cpeName": "dell:g15_5510", "name": "dell g15 5510", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5880", "name": "dell vostro 5880", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_3410", "name": "dell latitude 3410", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3551", "name": "dell precision 3551", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5402", "name": "dell inspiron 5402", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7506", "name": "dell inspiron 7506", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5402", "name": "dell vostro 5402", "operator": "eq", "version": "-"}, {"cpeName": "dell:alienware_m15_r6", "name": "dell alienware m15 r6", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_9410", "name": "dell latitude 9410", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_7080", "name": "dell optiplex 7080", "operator": "eq", "version": "-"}, {"cpeName": "dell:xps_17_9700", "name": "dell xps 17 9700", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5501", "name": "dell vostro 5501", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_5560", "name": "dell precision 5560", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5521", "name": "dell latitude 5521", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5300", "name": "dell inspiron 5300", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_3881", "name": "dell inspiron 3881", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_3280_all-in-one", "name": "dell optiplex 3280 all-in-one", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_3501", "name": "dell vostro 3501", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5408", "name": "dell inspiron 5408", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_3510", "name": "dell latitude 3510", "operator": "eq", "version": "-"}, {"cpeName": "dell:chengming_3990", "name": "dell chengming 3990", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3560", "name": "dell precision 3560", "operator": "eq", "version": "-"}, {"cpeName": "dell:g3_3500", "name": "dell g3 3500", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5401", "name": "dell vostro 5401", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5320", "name": "dell latitude 5320", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5509", "name": "dell inspiron 5509", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7500", "name": "dell inspiron 7500", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_5490_aio", "name": "dell optiplex 5490 aio", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7300_2-in-1", "name": "dell inspiron 7300 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_7210_2-in-1", "name": "dell latitude 7210 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_3120", "name": "dell latitude 3120", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7501", "name": "dell inspiron 7501", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5410", "name": "dell latitude 5410", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_3400", "name": "dell vostro 3400", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5420", "name": "dell latitude 5420", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_14_5410", "name": "dell vostro 14 5410", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_5090_tower", "name": "dell optiplex 5090 tower", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5301", "name": "dell inspiron 5301", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_15_5510", "name": "dell vostro 15 5510", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5310", "name": "dell vostro 5310", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_3880", "name": "dell inspiron 3880", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_7560", "name": "dell precision 7560", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5511", "name": "dell latitude 5511", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5320_2-in-1", "name": "dell latitude 5320 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:xps_13_9305", "name": "dell xps 13 9305", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3650_mt", "name": "dell precision 3650 mt", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5411", "name": "dell latitude 5411", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3561", "name": "dell precision 3561", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_3520", "name": "dell latitude 3520", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7306_2-in-1", "name": "dell inspiron 7306 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_7520", "name": "dell latitude 7520", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7706_2-in-1", "name": "dell inspiron 7706 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_7750", "name": "dell precision 7750", "operator": "eq", "version": "-"}, {"cpeName": "dell:g7_7500", "name": "dell g7 7500", "operator": "eq", "version": "-"}, {"cpeName": "dell:g7_7700", "name": "dell g7 7700", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_7500", "name": "dell vostro 7500", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3440", "name": "dell precision 3440", "operator": "eq", "version": "-"}, {"cpeName": "dell:chengming_3991", "name": "dell chengming 3991", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_7300", "name": "dell inspiron 7300", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_7320", "name": "dell latitude 7320", "operator": "eq", "version": "-"}, {"cpeName": "dell:precision_3450", "name": "dell precision 3450", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_15_7510", "name": "dell inspiron 15 7510", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_5400_2-in-1", "name": "dell inspiron 5400 2-in-1", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_5310", "name": "dell latitude 5310", "operator": "eq", "version": "-"}, {"cpeName": "dell:inspiron_14_5418", "name": "dell inspiron 14 5418", "operator": "eq", "version": "-"}, {"cpeName": "dell:optiplex_7090_tower", "name": "dell optiplex 7090 tower", "operator": "eq", "version": "-"}, {"cpeName": "dell:vostro_5301", "name": "dell vostro 5301", "operator": "eq", "version": "-"}, {"cpeName": "dell:latitude_9420", "name": "dell latitude 9420", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5310_firmware:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_3420_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_3420:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:g7_7700_firmware:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:g7_7700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5406_2n1_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5406_2n1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_14_5418:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_14_5418_firmware:2.1.0_a06:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0_a06", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:xps_15_9510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:xps_15_9510_firmware:1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.2", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5320_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_3410:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_3410_firmware:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_15_7510_firmware:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.4", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_15_7510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3501_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_7490_all-in-one_firmware:1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_7490_all-in-one:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7500_2-in-1_firmware:1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7500_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3440:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3440_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5502_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5502:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5508:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5508_firmware:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.2", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_3120_firmware:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_3120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7306_2-in-1_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7306_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_14_5410:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_14_5410_firmware:2.1.0_a06:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0_a06", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3681_firmware:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3681:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7501_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5420:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5420_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_7420_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_7420:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5501_firmware:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.2", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5400_2-in-1_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5400_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5401_aio_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5401_aio:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5401_firmware:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5401:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_3881_firmware:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_3881:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_17_m5750:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_17_m5750_firmware:1.8.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.2", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5510_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5402:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5402_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_7500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_7500_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:xps_13_9305:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:xps_13_9305_firmware:1.0.8:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.8", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5400_aio:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5400_aio_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5310_firmware:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_3501_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_3501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_3880:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_3880_firmware:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7706_2-in-1_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7706_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7300_firmware:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_3090_uff:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_3090_uff_firmware:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_9520:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_9520_firmware:1.5.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.2", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_3080:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_3080_firmware:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5501_firmware:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5501:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:g7_7500_firmware:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:g7_7500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_3891_firmware:1.0.11:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.11", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_3891:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_3510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_3510_firmware:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5410_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5410:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3400_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5511_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_7780_all-in-one:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_7780_all-in-one_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_7750_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_7750:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_3520_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_3520:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3650_mt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3650_mt_firmware:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_7760:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_7760_firmware:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.2", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7500_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_5090_tower_firmware:1.1.35:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.35", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_5090_tower:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_7410_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_7410:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:xps_17_9710_firmware:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.3", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:xps_17_9710:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5320_2-in-1_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5320_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5408_firmware:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5408:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5301_firmware:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5301:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7400_firmware:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5401_firmware:1.7.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5401:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5310_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7506_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7506:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3450:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3450_firmware:1.1.35:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.35", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_15_5510_firmware:2.1.0_a06:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0_a06", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_15_5510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3500_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3881:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3881_firmware:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5421:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5421_firmware:1.3.0_a03:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.0_a03", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_7080:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_7080_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3561_firmware:1.3.0_a03:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.0_a03", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3561:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3560:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3560_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_7480_all-in-one:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_7480_all-in-one_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_5080_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_5080:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:chengming_3991:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:chengming_3991_firmware:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5890_firmware:1.0.11:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.11", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5890:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_5560_firmware:1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_5560:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5300_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5410_2-in-1_firmware:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5410_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:xps_13_2in1_9310_firmware:2.3.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.3", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:xps_13_2in1_9310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_9420_firmware:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_9420:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5509:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5509_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_7320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_7320_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:g15_5511:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:g15_5511_firmware:1.3.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.3", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3551:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3551_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_7550_firmware:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_7550:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:chengming_3990:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:chengming_3990_firmware:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_7520_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_7520:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_5490_aio_firmware:1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_5490_aio:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5521_firmware:1.3.0_a03:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.0_a03", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5521:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3888:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3888_firmware:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.4.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7300_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7300_2-in-1_firmware:1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:xps_15_9500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:xps_15_9500_firmware:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_5760:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_5760_firmware:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.3", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_7210_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_7210_2-in-1_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_3320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_3320_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5409_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5409:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3690:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3690_firmware:1.0.11:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.11", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3640_firmware:1.6.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3640:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:xps_13_9310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:xps_13_9310_firmware:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:xps_17_9700_firmware:1.8.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:xps_17_9700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_7310_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_7310:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5520:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5520_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_3550_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_3550:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_7090_tower_firmware:1.1.35:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.35", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_7090_tower:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:g5_5500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:g5_5500_firmware:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.9.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_9410:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_9410_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_9510_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_9510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5880_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5880:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:g3_3500_firmware:1.9.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.9.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:g3_3500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_3890:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_3890_firmware:1.0.11:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.11", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7700_aio:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7700_aio_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_7610:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_7610_firmware:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.4", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5310_2-in-1_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5310_2-in-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_15_5518_firmware:2.1.0_a06:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.0_a06", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_15_5518:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5402:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5402_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_7560_firmware:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.2", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_7560:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_15_7510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_15_7510_firmware:1.0.4:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.4", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5300_firmware:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:vostro_5502_firmware:1.5.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:vostro_5502:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:g15_5510_firmware:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:g15_5510:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:precision_5550:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:precision_5550_firmware:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_7090_uff_firmware:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_7090_uff:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_5411_firmware:1.6.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.6.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_5411:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:alienware_m15_r6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:alienware_m15_r6_firmware:1.3.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.3.3", "vulnerable": true}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:latitude_7320_detachable_firmware:1.4.0_a04:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4.0_a04", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:latitude_7320_detachable:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:optiplex_3280_all-in-one_firmware:1.7.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.7.0", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:optiplex_3280_all-in-one:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:inspiron_5301_firmware:1.8.1:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.8.1", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:inspiron_5301:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "N/A", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000188682"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0}, "cpe23": ["cpe:2.3:o:dell:g3_3500_firmware:1.9.0:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}], "thn": [{"id": "THN:4550628882A8CE6800C295FA8372B47F", "hash": "57d42f2b8af697fad4d17403a6227d97", "type": "thn", "bulletinFamily": "info", "title": "BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models", "description": "[](<https://thehackernews.com/images/-AYvl65gpkT4/YNRcfWXgT-I/AAAAAAAAC-s/tytn7xlkjfMItj6amgfzAoivz4vwBmmiACLcBGAsYHQ/s0/hacking-dell-computers.jpg>)\n\nCybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.\n\n\"As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating system and undermine fundamental trust in the device,\" researchers from enterprise device security firm Eclypsium [said](<https://eclypsium.com/2021/06/24/biosdisconnect/>). \"The virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker.\"\n\n[](<https://go.thn.li/1-free-728-9> \"Stack Overflow Teams\" )\n\nIn all, the flaws affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices. Worse, the weaknesses also impact computers that have [Secure Boot](<https://www.dell.com/support/kbdoc/000145423/secure-boot-overview>) enabled, a security feature designed to prevent [rootkits from being installed](<https://thehackernews.com/2020/10/uefi-bootkit-malware.html>) at boot time in memory.\n\n[BIOSConnect](<https://www.dell.com/support/kbdoc/000177771/using-biosconnect-to-recover-supportassist-os-recovery-partition>) offers network-based boot recovery, allowing the BIOS to connect to Dell's backend servers via HTTPS to download an operating system image, thereby enabling users to recover their systems when the local disk image is corrupted, replaced, or absent.\n\nSuccessful exploitation of the flaws could mean loss of device integrity, what with the attacker capable of remotely executing malicious code in the pre-boot environment that could alter the initial state of the operating system and break OS-level security protections.\n\nThe four flaws have a cumulative severity rating of 8.3 when chained together \u2014\n\n * **CVE-2021-21571** (CVSS score: 5.9) - Dell UEFI BIOS HTTPS stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. An unauthenticated remote attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service and payload tampering.\n * **CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574** (CVSS score: 7.2) - Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.\n\nThe combination of remote exploitation as well the ability to gain control over the most privileged code on the device could make such vulnerabilities a lucrative target for attackers, the researchers said.\n\n[](<https://go.thn.li/auth_300> \"Enterprise Password Management\" )\n\nThe issues were reported to Dell by the Oregon-based company on March 3, following which server-side updates were rolled out on May 28 to remediate CVE-2021-21573 and CVE-2021-21574. Dell has also [released client-side BIOS firmware updates](<https://www.dell.com/support/kbdoc/000188682>) to address the remaining two flaws.\n\nAdditionally, the PC maker has released workarounds to disable both the BIOSConnect and HTTPS Boot features for customers who are unable to apply the patches immediately.\n\n\"Successfully compromising the BIOS of a device would give an attacker a high degree of control over a device,\" Eclypsium researchers said. \"The attacker could control the process of loading the host operating system and disable protections in order to remain undetected. This would allow an attacker to establish ongoing persistence while controlling the highest privileges on the device.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-06-24T10:24:00", "modified": "2021-06-25T03:04:37", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-06-25T04:32:04", "history": [{"bulletin": {"id": "THN:4550628882A8CE6800C295FA8372B47F", "hash": "a5937211566242c746e5e9148b9c6202", "type": "thn", "bulletinFamily": "info", "title": "BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models", "description": "[](<https://thehackernews.com/images/-AYvl65gpkT4/YNRcfWXgT-I/AAAAAAAAC-s/tytn7xlkjfMItj6amgfzAoivz4vwBmmiACLcBGAsYHQ/s0/hacking-dell-computers.jpg>)\n\nCybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device.\n\n\"As the attacker has the ability to remotely execute code in the pre-boot environment, this can be used to subvert the operating system and undermine fundamental trust in the device,\" researchers from enterprise device security firm Eclypsium [said](<https://eclypsium.com/2021/06/24/biosdisconnect/>). \"The virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker.\"\n\n[](<https://go.thn.li/1-free-300-9> \"Stack Overflow Teams\" )\n\nIn all, the flaws affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices. Worse, the weaknesses also impact computers that have [Secure Boot](<https://www.dell.com/support/kbdoc/000145423/secure-boot-overview>) enabled, a security feature designed to prevent [rootkits from being installed](<https://thehackernews.com/2020/10/uefi-bootkit-malware.html>) at boot time in memory.\n\n[BIOSConnect](<https://www.dell.com/support/kbdoc/000177771/using-biosconnect-to-recover-supportassist-os-recovery-partition>) offers network-based boot recovery, allowing the BIOS to connect to Dell's backend servers via HTTPS to download an operating system image, thereby enabling users to recover their systems when the local disk image is corrupted, replaced, or absent.\n\nSuccessful exploitation of the flaws could mean loss of device integrity, what with the attacker capable of remotely executing malicious code in the pre-boot environment that could alter the initial state of the operating system and break OS-level security protections.\n\nThe list of four flaws uncovered by Eclypsium is as follows \u2014\n\n * **CVE-2021-21571** \\- Insecure TLS connection from BIOS to Dell, allowing a bad actor to stage a impersonate Dell.com and delivery malicious code back to the victim's device\n * **CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574** \\- Overflow vulnerabilities enabling arbitrary code execution\n\nThe combination of remote exploitation as well the ability to gain control over the most privileged code on the device could make such vulnerabilities a lucrative target for attackers, the researchers said.\n\n[](<https://go.thn.li/auth_728> \"Enterprise Password Management\" )\n\nThe issues were reported to Dell by the Oregon-based company on March 3, following which server-side updates were rolled out on May 28 to remediate CVE-2021-21573 and CVE-2021-21574. Dell has also [released client-side BIOS firmware updates](<https://www.dell.com/support/kbdoc/000188682>) to address the remaining two flaws.\n\nAdditionally, the PC maker has released workarounds to disable both the BIOSConnect and HTTPS Boot features for customers who are unable to apply the patches immediately.\n\n\"Successfully compromising the BIOS of a device would give an attacker a high degree of control over a device,\" Eclypsium researchers said. \"The attacker could control the process of loading the host operating system and disable protections in order to remain undetected. This would allow an attacker to establish ongoing persistence while controlling the highest privileges on the device.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "published": "2021-06-24T10:24:00", "modified": "2021-06-24T10:29:57", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html", "reporter": "The Hacker News", "references": [], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-06-24T10:32:04", "history": [], "viewCount": 44, "enchantments": {"dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B"]}], "modified": "2021-06-24T10:32:04", "rev": 2}, "score": {"value": 2.5, "vector": "NONE", "modified": "2021-06-24T10:32:04", "rev": 2}}, "objectVersion": "1.5"}, "lastseen": "2021-06-24T10:32:04", "differentElements": ["description", "modified"], "edition": 1}], "viewCount": 48, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["DELL_BIOS_DSA-2021-106.NASL"]}, {"type": "cve", "idList": ["CVE-2021-21572", "CVE-2021-21574", "CVE-2021-21573", "CVE-2021-21571"]}, {"type": "threatpost", "idList": ["THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B"]}], "modified": "2021-06-25T04:32:04", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-06-25T04:32:04", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "cvss2": {}, "cvss3": {}}], "threatpost": [{"id": "THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B", "hash": "6bfb8aa2ee6186ecdcd31e92e19e0d1b", "type": "threatpost", "bulletinFamily": "info", "title": "30M Dell Devices at Risk for Remote BIOS Attacks, RCE", "description": "UPDATE\n\nA high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide.\n\nAccording to an analysis from Eclypsium, the bugs affect 129 models of laptops, tablet and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.\n\nThe bugs allow privileged network adversaries to circumvent Secure Boot protections, control the device\u2019s boot process, and subvert the operating system and higher-layer security controls, researchers at Eclypsium said on Thursday. They carry a cumulative CVSS score of 8.3 out of 10.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nSpecifically, the issues affect the BIOSConnect feature within Dell SupportAssist (a technical support solution that comes preinstalled on most Windows-based Dell machines). BIOSConnect is used to perform remote OS recoveries or to update the firmware on the device.\n\n\u201cTechnology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures,\u201d researchers noted [in an analysis](<https://www.eclypsium.com/2021/06/24/biosdisconnect/.>). \u201cAnd while this is a valuable option, any vulnerabilities in these processes, such as those we\u2019ve seen here in Dell\u2019s BIOSConnect, can have serious consequences.\u201d\n\nThe report noted that the specific vulnerabilities allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device.\n\n\u201cThis combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future,\u201d the report concluded.\n\n## **Insecure TLS Connection: Impersonating Dell **\n\nThe first vulnerability (CVE-2021-21571) is the beginning of a chain that can lead to remote code execution (RCE).\n\nWhen BIOSConnect attempts to connect to the backend Dell HTTP server to perform a remote update or recovery, it enables the system\u2019s BIOS (the firmware used to perform hardware initialization during the booting process) to reach out to Dell backend services over the internet. Then, it coordinates an update or recovery process.\n\nThe issue is that the TLS connection used to connect BIOS to the backend servers will accept any valid wildcard certificate, Eclypsium researchers said. So, an attacker with a privileged network position can intercept that connection, impersonate Dell and deliver attacker-controlled content back to the victim device.\n\n\u201cThe process of verifying the certificate for dell.com is done by first retrieving the DNS record from the hard-coded server 8.8.8.8, then establishing a connection to [Dell\u2019s download site],\u201d according to the analysis. \u201cHowever, any valid wildcard certificate issued by any of the built-in Certificate Authorities contained within the BIOSConnect feature in BIOS will satisfy the secure connection condition, and BIOSConnect will proceed to retrieve the relevant files. The bundle of CA root certificates in the BIOS image was sourced from Mozilla\u2019s root certificate file (certdata.txt).\u201d\n\n## **Overflow Vulnerabilities Enabling Arbitrary Code Execution**\n\nOnce this first \u201cgatekeeper\u201d bug is exploited to deliver malicious content back to the victim machine, attackers then have a choice of three distinct and independent overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574), any of which can be used to gain pre-boot RCE on the target device, researchers said.\n\nTwo of the vulnerabilities affect the OS recovery process, while the third affects the firmware update process, according to Eclypsium, which isn\u2019t releasing further technical details yet.\n\n\n\nThe attack scenario: Click to enlarge. Source: Eclypsium\n\nAny attack scenario would require an attacker to be able to redirect the victim\u2019s traffic, such as via a machine-in-the-middle (MITM) attack \u2013 something that\u2019s not much of a barrier, researchers said.\n\n\u201cMachine-in-the-middle attacks are a relatively low bar to sophisticated attackers, with techniques such as ARP spoofing and [DNS cache poisoning](<https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/>) being well-known and easily automated,\u201d according to the report. \u201cAdditionally, [enterprise VPNs](<https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/>) and other network devices have become a top target of attackers, and flaws in these devices can allow attackers to redirect traffic. And finally, end-users working from home are increasingly reliant on SOHO networking gear. Vulnerabilities are quite common in these types of consumer-grade networking devices and have been exploited in widespread campaigns.\u201d\n\nThe groundwork effort to carry out an attack is likely a positive tradeoff for cybercriminals, given that a successful compromise of the BIOS of a device would allow attackers to establish ongoing persistence while controlling the highest privileges on the device. This is because they would control the process of loading the host operating system, and would be able to disable protections in order to remain undetected, the report noted.\n\n\u201cThe virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker,\u201d Eclypsium researchers said.\n\n## **Dell Issues Patches**\n\nDell has now pushed out patches for BIOS on all of the affected systems. For details, refer to [its advisory](<https://www.dell.com/support/kbdoc/000188682>).\n\n\u201cIt is advisable to run the BIOS update executable from the OS after manually checking the hashes against those published by Dell,\u201d Eclypsium recommended, rather than relying on BIOSConnect to apply BIOS updates.\n\n_**This article was updated at 9:30 a.m. on June 25, to reflect that all patches have now been issued.**_\n\n**Join Threatpost for \u201c**[**Tips and Tactics for Better Threat Hunting**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)**\u201d \u2014 a LIVE event on **[**Wed., June 30 at 2:00 PM ET**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** in partnership with Palo Alto Networks. Learn from Palo Alto\u2019s Unit 42 experts the best way to hunt down threats and how to use automation to help. **[**Register HERE**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** for free!**\n", "published": "2021-06-24T10:00:42", "modified": "2021-06-24T10:00:42", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "href": "https://threatpost.com/dell-bios-attacks-rce/167195/", "reporter": "Tara Seals", "references": ["https://threatpost.com/newsletter-sign/", "https://www.eclypsium.com/2021/06/24/biosdisconnect/.", "https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/", "https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/", "https://www.dell.com/support/kbdoc/000188682", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar"], "cvelist": ["CVE-2020-3580", "CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-06-25T16:24:51", "history": [{"bulletin": {"id": "THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B", "hash": "a6e4d8e59c9d1a749f9387b2bec9f044", "type": "threatpost", "bulletinFamily": "info", "title": "30M Dell Devices at Risk for Remote BIOS Attacks, RCE", "description": "A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide.\n\nAccording to an analysis from Eclypsium, the bugs affect 129 different models of laptops, tablet and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.\n\nThe bugs allow privileged network adversaries to circumvent Secure Boot protections, control the device\u2019s boot process and subvert the operating system and higher-layer security controls, researchers at Eclypsium said on Thursday. They carry a cumulative CVSS score of 8.3 out of 10.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nSpecifically, the issues affect the BIOSConnect feature within Dell SupportAssist (a technical support solution that comes preinstalled on most Windows-based Dell machines). BIOSConnect is used to perform remote OS recoveries or to update the firmware on the device.\n\n\u201cTechnology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures,\u201d researchers noted, [in an analysis](<https://www.eclypsium.com/2021/06/24/biosdisconnect/.>). \u201cAnd while this is a valuable option, any vulnerabilities in these processes, such as those we\u2019ve seen here in Dell\u2019s BIOSConnect, can have serious consequences.\u201d\n\nThe report noted that the specific vulnerabilities allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device.\n\n\u201cThis combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future,\u201d the report concluded.\n\n## **Insecure TLS Connection: Impersonating Dell **\n\nThe first vulnerability (CVE-2021-21571) is the beginning of a chain that can lead to remote code execution (RCE).\n\nWhen BIOSConnect attempts to connect to the backend Dell HTTP server to perform a remote update or recovery, it enables the system\u2019s BIOS (the firmware used to perform hardware initialization during the booting process) to reach out to Dell backend services over the internet. Then, it coordinates an update or recovery process.\n\nThe issue is that the TLS connection used to connect BIOS to the backend servers will accept any valid wildcard certificate, Eclypsium researchers said. So, an attacker with a privileged network position can intercept that connection, impersonate Dell and deliver attacker-controlled content back to the victim device.\n\n\u201cThe process of verifying the certificate for dell.com is done by first retrieving the DNS record from the hard-coded server 8.8.8.8, then establishing a connection to [Dell\u2019s download site],\u201d according to the analysis. \u201cHowever, any valid wildcard certificate issued by any of the built-in Certificate Authorities contained within the BIOSConnect feature in BIOS will satisfy the secure connection condition, and BIOSConnect will proceed to retrieve the relevant files. The bundle of CA root certificates in the BIOS image was sourced from Mozilla\u2019s root certificate file (certdata.txt).\u201d\n\n## **Overflow Vulnerabilities Enabling Arbitrary Code Execution**\n\nOnce this first \u201cgatekeeper\u201d bug is exploited to deliver malicious content back to the victim machine, attackers then have a choice of three distinct and independent overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574), any of which can be used to gain pre-boot RCE on the target device, researchers said.\n\nTwo of the vulnerabilities affect the OS recovery process, while the third affects the firmware update process, according to Eclypsium, which isn\u2019t releasing further technical details yet.\n\n\n\nThe attack scenario: Click to enlarge. Source: Eclypsium\n\nAny attack scenario would require an attacker to be able to redirect the victim\u2019s traffic, such as via a machine-in-the-middle (MITM) attack \u2013 something that\u2019s not much of a barrier, researchers said.\n\n\u201cMachine-in-the-middle attacks are a relatively low bar to sophisticated attackers, with techniques such as ARP spoofing and [DNS cache poisoning](<https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/>) being well-known and easily automated,\u201d according to the report. \u201cAdditionally, [enterprise VPNs](<https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/>) and other network devices have become a top target of attackers, and flaws in these devices can allow attackers to redirect traffic. And finally, end-users working from home are increasingly reliant on SOHO networking gear. Vulnerabilities are quite common in these types of consumer-grade networking devices and have been exploited in widespread campaigns.\u201d\n\nThe groundwork effort to carry out an attack is likely a positive tradeoff for cybercriminals, said, given that a successful compromise of the BIOS of a device would allow attackers to establish ongoing persistence while controlling the highest privileges on the device. This is because they would control the process of loading the host operating system, and would be able to disable protections in order to remain undetected, the report noted.\n\n\u201cThe virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker,\u201d Eclypsium researchers said.\n\n## **Dell Issues Patches**\n\nDell is starting to push out patches for BIOS on all of the affected systems, with most updates scheduled for Thursday, and others to follow in July, it said in [its advisory](<https://www.dell.com/support/kbdoc/000188682>).\n\n\u201cIt is advisable to run the BIOS update executable from the OS after manually checking the hashes against those published by Dell,\u201d Eclypsium recommended, rather than relying on BIOSConnect to apply BIOS updates.\n\n**Join Threatpost for \u201c**[**Tips and Tactics for Better Threat Hunting**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)**\u201d \u2014 a LIVE event on **[**Wed., June 30 at 2:00 PM ET**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** in partnership with Palo Alto Networks. Learn from Palo Alto\u2019s Unit 42 experts the best way to hunt down threats and how to use automation to help. **[**Register HERE**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** for free!**\n", "published": "2021-06-24T10:00:42", "modified": "2021-06-24T10:00:42", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://threatpost.com/dell-bios-attacks-rce/167195/", "reporter": "Tara Seals", "references": ["https://threatpost.com/newsletter-sign/", "https://www.eclypsium.com/2021/06/24/biosdisconnect/.", "https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/", "https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/", "https://www.dell.com/support/kbdoc/000188682", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar"], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-06-24T10:17:21", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:4550628882A8CE6800C295FA8372B47F"]}, {"type": "threatpost", "idList": ["THREATPOST:8B647363122969148DB6173D5DA44833", "THREATPOST:70ADDCF33645E0424EA606C8912FDDCF"]}], "modified": "2021-06-24T10:17:21", "rev": 2}, "score": {"value": 0.5, "vector": "NONE", "modified": "2021-06-24T10:17:21", "rev": 2}}, "objectVersion": "1.5"}, "lastseen": "2021-06-24T10:17:21", "differentElements": ["description"], "edition": 1}, {"bulletin": {"id": "THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B", "hash": "6723857b3231335fb602463a4f5e9326", "type": "threatpost", "bulletinFamily": "info", "title": "30M Dell Devices at Risk for Remote BIOS Attacks, RCE", "description": "A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide.\n\nAccording to an analysis from Eclypsium, the bugs affect 129 models of laptops, tablet and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.\n\nThe bugs allow privileged network adversaries to circumvent Secure Boot protections, control the device\u2019s boot process, and subvert the operating system and higher-layer security controls, researchers at Eclypsium said on Thursday. They carry a cumulative CVSS score of 8.3 out of 10.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nSpecifically, the issues affect the BIOSConnect feature within Dell SupportAssist (a technical support solution that comes preinstalled on most Windows-based Dell machines). BIOSConnect is used to perform remote OS recoveries or to update the firmware on the device.\n\n\u201cTechnology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures,\u201d researchers noted [in an analysis](<https://www.eclypsium.com/2021/06/24/biosdisconnect/.>). \u201cAnd while this is a valuable option, any vulnerabilities in these processes, such as those we\u2019ve seen here in Dell\u2019s BIOSConnect, can have serious consequences.\u201d\n\nThe report noted that the specific vulnerabilities allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device.\n\n\u201cThis combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future,\u201d the report concluded.\n\n## **Insecure TLS Connection: Impersonating Dell **\n\nThe first vulnerability (CVE-2021-21571) is the beginning of a chain that can lead to remote code execution (RCE).\n\nWhen BIOSConnect attempts to connect to the backend Dell HTTP server to perform a remote update or recovery, it enables the system\u2019s BIOS (the firmware used to perform hardware initialization during the booting process) to reach out to Dell backend services over the internet. Then, it coordinates an update or recovery process.\n\nThe issue is that the TLS connection used to connect BIOS to the backend servers will accept any valid wildcard certificate, Eclypsium researchers said. So, an attacker with a privileged network position can intercept that connection, impersonate Dell and deliver attacker-controlled content back to the victim device.\n\n\u201cThe process of verifying the certificate for dell.com is done by first retrieving the DNS record from the hard-coded server 8.8.8.8, then establishing a connection to [Dell\u2019s download site],\u201d according to the analysis. \u201cHowever, any valid wildcard certificate issued by any of the built-in Certificate Authorities contained within the BIOSConnect feature in BIOS will satisfy the secure connection condition, and BIOSConnect will proceed to retrieve the relevant files. The bundle of CA root certificates in the BIOS image was sourced from Mozilla\u2019s root certificate file (certdata.txt).\u201d\n\n## **Overflow Vulnerabilities Enabling Arbitrary Code Execution**\n\nOnce this first \u201cgatekeeper\u201d bug is exploited to deliver malicious content back to the victim machine, attackers then have a choice of three distinct and independent overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574), any of which can be used to gain pre-boot RCE on the target device, researchers said.\n\nTwo of the vulnerabilities affect the OS recovery process, while the third affects the firmware update process, according to Eclypsium, which isn\u2019t releasing further technical details yet.\n\n\n\nThe attack scenario: Click to enlarge. Source: Eclypsium\n\nAny attack scenario would require an attacker to be able to redirect the victim\u2019s traffic, such as via a machine-in-the-middle (MITM) attack \u2013 something that\u2019s not much of a barrier, researchers said.\n\n\u201cMachine-in-the-middle attacks are a relatively low bar to sophisticated attackers, with techniques such as ARP spoofing and [DNS cache poisoning](<https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/>) being well-known and easily automated,\u201d according to the report. \u201cAdditionally, [enterprise VPNs](<https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/>) and other network devices have become a top target of attackers, and flaws in these devices can allow attackers to redirect traffic. And finally, end-users working from home are increasingly reliant on SOHO networking gear. Vulnerabilities are quite common in these types of consumer-grade networking devices and have been exploited in widespread campaigns.\u201d\n\nThe groundwork effort to carry out an attack is likely a positive tradeoff for cybercriminals, given that a successful compromise of the BIOS of a device would allow attackers to establish ongoing persistence while controlling the highest privileges on the device. This is because they would control the process of loading the host operating system, and would be able to disable protections in order to remain undetected, the report noted.\n\n\u201cThe virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker,\u201d Eclypsium researchers said.\n\n## **Dell Issues Patches**\n\nDell is starting to push out patches for BIOS on all of the affected systems, with most updates scheduled for Thursday and others to follow in July, it said in [its advisory](<https://www.dell.com/support/kbdoc/000188682>).\n\n\u201cIt is advisable to run the BIOS update executable from the OS after manually checking the hashes against those published by Dell,\u201d Eclypsium recommended, rather than relying on BIOSConnect to apply BIOS updates.\n\n**Join Threatpost for \u201c**[**Tips and Tactics for Better Threat Hunting**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)**\u201d \u2014 a LIVE event on **[**Wed., June 30 at 2:00 PM ET**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** in partnership with Palo Alto Networks. Learn from Palo Alto\u2019s Unit 42 experts the best way to hunt down threats and how to use automation to help. **[**Register HERE**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** for free!**\n", "published": "2021-06-24T10:00:42", "modified": "2021-06-24T10:00:42", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://threatpost.com/dell-bios-attacks-rce/167195/", "reporter": "Tara Seals", "references": ["https://threatpost.com/newsletter-sign/", "https://www.eclypsium.com/2021/06/24/biosdisconnect/.", "https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/", "https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/", "https://www.dell.com/support/kbdoc/000188682", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar"], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-06-24T12:49:11", "history": [], "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:4550628882A8CE6800C295FA8372B47F"]}, {"type": "cve", "idList": ["CVE-2021-21574", "CVE-2021-21571", "CVE-2021-21573", "CVE-2021-21572"]}, {"type": "threatpost", "idList": ["THREATPOST:70ADDCF33645E0424EA606C8912FDDCF", "THREATPOST:8B647363122969148DB6173D5DA44833"]}], "modified": "2021-06-24T12:49:11", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-06-24T12:49:11", "rev": 2}}, "objectVersion": "1.5"}, "lastseen": "2021-06-24T12:49:11", "differentElements": ["description"], "edition": 2}, {"bulletin": {"id": "THREATPOST:21DEB20ED3F651F477BD38ECDF58B94B", "hash": "f4e8b689af43e576e3aca876fdf92343", "type": "threatpost", "bulletinFamily": "info", "title": "30M Dell Devices at Risk for Remote BIOS Attacks, RCE", "description": "UPDATE\n\nA high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide.\n\nAccording to an analysis from Eclypsium, the bugs affect 129 models of laptops, tablet and desktops, including enterprise and consumer devices, that are protected by Secure Boot. Secure Boot is a security standard aimed at making sure that a device boots using only software that is trusted by the device original equipment manufacturer (OEM), to prevent rogue takeovers.\n\nThe bugs allow privileged network adversaries to circumvent Secure Boot protections, control the device\u2019s boot process, and subvert the operating system and higher-layer security controls, researchers at Eclypsium said on Thursday. They carry a cumulative CVSS score of 8.3 out of 10.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nSpecifically, the issues affect the BIOSConnect feature within Dell SupportAssist (a technical support solution that comes preinstalled on most Windows-based Dell machines). BIOSConnect is used to perform remote OS recoveries or to update the firmware on the device.\n\n\u201cTechnology vendors of all types are increasingly implementing over-the-air update processes to make it as easy as possible for their customers to keep their firmware up to date and recover from system failures,\u201d researchers noted [in an analysis](<https://www.eclypsium.com/2021/06/24/biosdisconnect/.>). \u201cAnd while this is a valuable option, any vulnerabilities in these processes, such as those we\u2019ve seen here in Dell\u2019s BIOSConnect, can have serious consequences.\u201d\n\nThe report noted that the specific vulnerabilities allow an attacker to remotely exploit the UEFI firmware of a host and gain control over the most privileged code on the device.\n\n\u201cThis combination of remote exploitability and high privileges will likely make remote update functionality an alluring target for attackers in the future,\u201d the report concluded.\n\n## **Insecure TLS Connection: Impersonating Dell **\n\nThe first vulnerability (CVE-2021-21571) is the beginning of a chain that can lead to remote code execution (RCE).\n\nWhen BIOSConnect attempts to connect to the backend Dell HTTP server to perform a remote update or recovery, it enables the system\u2019s BIOS (the firmware used to perform hardware initialization during the booting process) to reach out to Dell backend services over the internet. Then, it coordinates an update or recovery process.\n\nThe issue is that the TLS connection used to connect BIOS to the backend servers will accept any valid wildcard certificate, Eclypsium researchers said. So, an attacker with a privileged network position can intercept that connection, impersonate Dell and deliver attacker-controlled content back to the victim device.\n\n\u201cThe process of verifying the certificate for dell.com is done by first retrieving the DNS record from the hard-coded server 8.8.8.8, then establishing a connection to [Dell\u2019s download site],\u201d according to the analysis. \u201cHowever, any valid wildcard certificate issued by any of the built-in Certificate Authorities contained within the BIOSConnect feature in BIOS will satisfy the secure connection condition, and BIOSConnect will proceed to retrieve the relevant files. The bundle of CA root certificates in the BIOS image was sourced from Mozilla\u2019s root certificate file (certdata.txt).\u201d\n\n## **Overflow Vulnerabilities Enabling Arbitrary Code Execution**\n\nOnce this first \u201cgatekeeper\u201d bug is exploited to deliver malicious content back to the victim machine, attackers then have a choice of three distinct and independent overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574), any of which can be used to gain pre-boot RCE on the target device, researchers said.\n\nTwo of the vulnerabilities affect the OS recovery process, while the third affects the firmware update process, according to Eclypsium, which isn\u2019t releasing further technical details yet.\n\n\n\nThe attack scenario: Click to enlarge. Source: Eclypsium\n\nAny attack scenario would require an attacker to be able to redirect the victim\u2019s traffic, such as via a machine-in-the-middle (MITM) attack \u2013 something that\u2019s not much of a barrier, researchers said.\n\n\u201cMachine-in-the-middle attacks are a relatively low bar to sophisticated attackers, with techniques such as ARP spoofing and [DNS cache poisoning](<https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/>) being well-known and easily automated,\u201d according to the report. \u201cAdditionally, [enterprise VPNs](<https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/>) and other network devices have become a top target of attackers, and flaws in these devices can allow attackers to redirect traffic. And finally, end-users working from home are increasingly reliant on SOHO networking gear. Vulnerabilities are quite common in these types of consumer-grade networking devices and have been exploited in widespread campaigns.\u201d\n\nThe groundwork effort to carry out an attack is likely a positive tradeoff for cybercriminals, given that a successful compromise of the BIOS of a device would allow attackers to establish ongoing persistence while controlling the highest privileges on the device. This is because they would control the process of loading the host operating system, and would be able to disable protections in order to remain undetected, the report noted.\n\n\u201cThe virtually unlimited control over a device that this attack can provide makes the fruit of the labor well worth it for the attacker,\u201d Eclypsium researchers said.\n\n## **Dell Issues Patches**\n\nDell has now pushed out patches for BIOS on all of the affected systems. For details, refer to [its advisory](<https://www.dell.com/support/kbdoc/000188682>).\n\n\u201cIt is advisable to run the BIOS update executable from the OS after manually checking the hashes against those published by Dell,\u201d Eclypsium recommended, rather than relying on BIOSConnect to apply BIOS updates.\n\n_**This article was updated at 9:30 a.m. on June 25, to reflect that all patches have now been issued.**_\n\n**Join Threatpost for \u201c**[**Tips and Tactics for Better Threat Hunting**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)**\u201d \u2014 a LIVE event on **[**Wed., June 30 at 2:00 PM ET**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** in partnership with Palo Alto Networks. Learn from Palo Alto\u2019s Unit 42 experts the best way to hunt down threats and how to use automation to help. **[**Register HERE**](<https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar>)** for free!**\n", "published": "2021-06-24T10:00:42", "modified": "2021-06-24T10:00:42", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://threatpost.com/dell-bios-attacks-rce/167195/", "reporter": "Tara Seals", "references": ["https://threatpost.com/newsletter-sign/", "https://www.eclypsium.com/2021/06/24/biosdisconnect/.", "https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/", "https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/", "https://www.dell.com/support/kbdoc/000188682", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar", "https://threatpost.com/webinars/tips-and-tactics-for-better-threat-hunting/?utm_source=ART&utm_medium=ART&utm_campaign=June_PaloAltoNetworks_Webinar"], "cvelist": ["CVE-2021-21571", "CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574"], "immutableFields": [], "lastseen": "2021-06-25T13:50:20", "history": [], "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:4550628882A8CE6800C295FA8372B47F"]}, {"type": "cve", "idList": ["CVE-2021-21572", "CVE-2021-21573", "CVE-2021-21574", "CVE-2021-21571"]}, {"type": "threatpost", "idList": ["THREATPOST:8B647363122969148DB6173D5DA44833", "THREATPOST:70ADDCF33645E0424EA606C8912FDDCF"]}], "modified": "2021-06-25T13:50:20", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-06-25T13:50:20", "rev": 2}}, "objectVersion": "1.5"}, "lastseen": "2021-06-25T13:50:20", "differentElements": ["cvelist", "cvss"], "edition": 3}], "viewCount": 54, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["CISCO-SA-ASA-XSS-MULTIPLE-FCB3VPZE.NASL", "DELL_BIOS_DSA-2021-106.NASL", "CISCO_ASA_CVE-2020-3580.NBIN", "CISCO-SA-ASAFTD-XSS-MULTIPLE-FCB3VPZE.NASL"]}, {"type": "thn", "idList": ["THN:4550628882A8CE6800C295FA8372B47F", "THN:E61FB01ED36F5A39FD247813F1A893BD"]}, {"type": "cve", "idList": ["CVE-2021-21572", "CVE-2021-21571", "CVE-2021-21573", "CVE-2020-3580", "CVE-2021-21574"]}, {"type": "attackerkb", "idList": ["AKB:6D848E58-548B-45BE-A600-D0B5780BEB50"]}, {"type": "hackerone", "idList": ["H1:1245048", "H1:1245055", "H1:1277389", "H1:1243650", "H1:1277383", "H1:1277392"]}, {"type": "threatpost", "idList": ["THREATPOST:A2AB7D9E07DE88E79BA713CE497B0784", "THREATPOST:70ADDCF33645E0424EA606C8912FDDCF", "THREATPOST:9AD64DC6BE4117F56E76B2BF8F28A597", "THREATPOST:CB4A70D64DFB759DFD6E7A4029D48E10", "THREATPOST:8B647363122969148DB6173D5DA44833", "THREATPOST:0499757784EF5DB6F115661A76B7C352", "THREATPOST:918D372641AFC01D7D36FE88D08ACA6E"]}, {"type": "cisco", "idList": ["CISCO-SA-ASAFTD-XSS-MULTIPLE-FCB3VPZE"]}, {"type": "avleonov", "idList": ["AVLEONOV:14D436977A1AFE4725A5CA01B44E33E9"]}], "modified": "2021-06-25T16:24:51", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-06-25T16:24:51", "rev": 2}}, "objectVersion": "1.5", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.threatpost.ThreatpostBulletin", "robots.models.base.Bulletin"], "cvss2": {}, "cvss3": {}}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14753", "bulletinFamily": "software", "title": "PHP security vulnerabilities", "description": "PHAR extension DoS.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2021-06-08T19:08:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "PHP", "operator": "eq", "version": "5.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHAR extension DoS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:03", "references": [{"idList": ["ALAS-2015-602", "ALAS-2015-601"], "type": "amazon"}, {"idList": ["CVE-2015-7803", "CVE-2015-7804"], "type": "cve"}, {"idList": ["H1:103990", "H1:104008"], "type": "hackerone"}, {"idList": ["SECURITYVULNS:DOC:32651"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310806649", "OPENVAS:1361412562310806648", "OPENVAS:703380", "OPENVAS:1361412562310120520", "OPENVAS:1361412562310842508", "OPENVAS:1361412562310807000", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310703380", "OPENVAS:1361412562310120396", "OPENVAS:1361412562311220191984"], "type": "openvas"}, {"idList": ["RHSA-2016:0457"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2016:1581-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"], "type": "debian"}, {"idList": ["USN-2786-1"], "type": "ubuntu"}, {"idList": ["SSA-2016-034-04"], "type": "slackware"}, {"idList": ["GLSA-201606-10"], "type": "gentoo"}, {"idList": ["ALA_ALAS-2015-602.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "UBUNTU_USN-2786-1.NASL", "PHP_5_6_14.NASL", "SUSE_SU-2016-0284-1.NASL", "PHP_5_5_30.NASL", "SLACKWARE_SSA_2016-034-04.NASL", "OPENSUSE-2016-100.NASL", "ALA_ALAS-2015-601.NASL", "DEBIAN_DSA-3380.NASL"], "type": "nessus"}, {"idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"], "type": "freebsd"}, {"idList": ["F5:K17503", "SOL17503"], "type": "f5"}, {"idList": ["CLSA-2020:1605798462"], "type": "cloudlinux"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:03", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5bebcb6b83df2b42d069178c1e9ea73c038f8703bc95cf2b81c683a8d0d17ff6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "94aee96d0a33ff770af1ab8e308073f0", "key": "cvelist"}, {"hash": "c514412540c1e967450f03283e4ed180", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5c799165d68e636bd0726587ae899c0d", "key": "description"}, {"hash": "6d2dcaed858380d54d5782ad38c55586", "key": "affectedSoftware"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "b3b8db0e3c7acd6c3190db6f8e88e96b", "key": "href"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "3a18a828bc11b79a70839be146b3b5a3", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "id": "SECURITYVULNS:VULN:14753", "immutableFields": [], "lastseen": "2018-08-31T11:10:03", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "reporter": "BUGTRAQ", "title": "PHP security vulnerabilities", "type": "securityvulns", "viewCount": 212}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:03"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1858c8bfb7eb8aace48fa57059397c29"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "5c799165d68e636bd0726587ae899c0d"}, {"key": "href", "hash": "b3b8db0e3c7acd6c3190db6f8e88e96b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c514412540c1e967450f03283e4ed180"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "3a18a828bc11b79a70839be146b3b5a3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8859a40c26baff900b73dab92cbb6fd72e9b8dcbbd9acc6d613b18d55563796e", "viewCount": 222, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2021-06-08T19:08:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-06-08T19:08:49", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "php", "operator": "eq", "version": "5.6"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32651", "bulletinFamily": "software", "title": "[USN-2786-1] PHP vulnerabilities", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "7591a4414fab4e00d545d96f67923bfe"}, {"key": "href", "hash": "91f326dd520bc78a7e8becd3c39b6be5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "29738b7846c783fb3a4f2a49b7c4ccd3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d2381bcd69ce89f633080a3b3bcd22d9c6038a3c2512d85530ef0a4ad6a45bd8", "viewCount": 181, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14753"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32654", "bulletinFamily": "software", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4849"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "05f33ecfa6c5da775ada7be0946e9c35"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "e069b6a0eb846de58d51f6f1caccd76e"}, {"key": "href", "hash": "a034a18d00b9b8f4a3448812c0519f69"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "c9c62536a7dbd3fac9ecbf649050cab1"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "c4015e5d0067bf08940e133c4477451e433581d60a4c9b7745f8b69fced90c4c", "viewCount": 168, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4849"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-029"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32658", "bulletinFamily": "software", "title": "[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite Cross-site Scripting\r\nAdvisory ID: [ERPSCAN-15-027]\r\nAdvisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: Cross-site Scripting\r\nImpact: impersonation, information disclosure\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4854\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality None (N)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nAn anonymous attacker can create a special link that injects malicious JS code\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nCfgOCIReturn servlet is vulnerable to Cross-site Scripting (XSS) due\r\nto lack of sanitizing the "domain" parameter.\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32658", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4854"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4b5a683c958427d1f139ea46960c1f77"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "ac4e2716cd1f40662335b0c2baefa8ac"}, {"key": "href", "hash": "793234d92076d083ca1ba3d060535b33"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "5015d42a9a849429bfd5eccdc891f977"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d412a2c5f1d57e01c882336bd5b7b03d9bbc5e601468b64828936dded249a019", "viewCount": 182, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4854"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-027"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32657", "bulletinFamily": "software", "title": "[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite SQL injection\r\nAdvisory ID: [ERPSCAN-15-026]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: SQL injection, RCE\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4846\r\nCVSS Information\r\nCVSS Base Score: 3.6 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) High (H)\r\nAu : Authentication (Level of authentication needed to exploit) Single (S)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe problem is caused by an SQL injection vulnerability. The code\r\ncomprises an SQL statement that contains strings that can be altered\r\nby an attacker. The manipulated SQL statement can then be used to\r\nretrieve additional data from the database or to modify the data.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3, 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nOne of SQL extensions (afamexts.sql) does not filter user input values\r\nwhich may lead to SQL injection. The only defense mechanism is a\r\npassword for APPS. If an attacker knows the password (for example,\r\ndefault password APPS/APPS), he will be able to exploit SQL injection\r\nwith high privilege.\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32657", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4846"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2028f4e78a559d181736340a0b1d147d"}, {"key": "cvss", "hash": "2cbf8392c8ba6ad3fc64242f5a2d3294"}, {"key": "description", "hash": "0003d17d2e87c7e0ff565bcbf5cb29db"}, {"key": "href", "hash": "3b52d758a08f078f46108d7d53e82563"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "79450712fbf162b7be89a44b998f0b41"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "b741a8a189c11460c107071162d0ca6a5c37837c88eb3e8aa27aacd53d2530d3", "viewCount": 165, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4846"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-026"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:VULN:14720", "bulletinFamily": "software", "title": "apport security vulnerabilities", "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "cvelist": ["CVE-2015-1338"], "type": "securityvulns", "lastseen": "2021-06-08T18:47:21", "history": [{"bulletin": {"affectedSoftware": [{"name": "Apport", "operator": "eq", "version": "2.18"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:02", "references": [{"idList": ["1337DAY-ID-24318"], "type": "zdt"}, {"idList": ["EDB-ID:38353"], "type": "exploitdb"}, {"idList": ["SUSE_SU-2017-1938-1.NASL", "UBUNTU_USN-2744-1.NASL"], "type": "nessus"}, {"idList": ["USN-2744-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310842461"], "type": "openvas"}, {"idList": ["CVE-2015-1338"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:32549", "SECURITYVULNS:DOC:32660"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:02", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "1fa5005708a149c7c59442ee368563a06ac60940d1520936b1bdf2bc66d28119", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "f2f10dc547bbfec7457259bd6d7e047e", "key": "affectedSoftware"}, {"hash": "c40e388f6268f3ea89c15217ff7a389f", "key": "href"}, {"hash": "5ed00cd4fde4dff0aae89dbca81d74db", "key": "references"}, {"hash": "bc78879f0f9131664d05d93df6e74e24", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "6ba287598210482dd32c01dba6343482", "key": "title"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "c673ee2fdc72d8a4f67ca23a54ca10e5", "key": "cvelist"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "id": "SECURITYVULNS:VULN:14720", "immutableFields": [], "lastseen": "2018-08-31T11:10:02", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "reporter": "BUGTRAQ", "title": "apport security vulnerabilities", "type": "securityvulns", "viewCount": 486}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:02"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "c063ed29dc851cbe70ebf2ae9876b01e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c673ee2fdc72d8a4f67ca23a54ca10e5"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "bc78879f0f9131664d05d93df6e74e24"}, {"key": "href", "hash": "c40e388f6268f3ea89c15217ff7a389f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "5ed00cd4fde4dff0aae89dbca81d74db"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "6ba287598210482dd32c01dba6343482"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "6a476b22964ed9af13d180099f91a74f2789ce11576be85b9f99a47748d85438", "viewCount": 496, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-1338"]}, {"type": "cve", "idList": ["CVE-2015-1338"]}, {"type": "exploitdb", "idList": ["EDB-ID:38353"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842461"]}, {"type": "zdt", "idList": ["1337DAY-ID-24318"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32549"]}, {"type": "ubuntu", "idList": ["USN-2744-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2744-1.NASL", "SUSE_SU-2017-1938-1.NASL"]}], "modified": "2021-06-08T18:47:21", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-06-08T18:47:21", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "apport", "operator": "eq", "version": "2.18"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32652", "bulletinFamily": "software", "title": "[USN-2787-1] audiofile vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7747"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "50c023fd612f4a3919caafafd70af1c7"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "e1b942ed5a7d4bd7fdbdd4d984bbcfa8"}, {"key": "href", "hash": "87f14b8fbd08732c6a73b13d46fe98ee"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "e9b921c5bed1ed652b982edc288318b4"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "2d5a85403cc62aca18c0b34cea5aabc8d0bf0116ed796c96ad83efa605c5584f", "viewCount": 339, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-7747"]}, {"type": "cve", "idList": ["CVE-2015-7747"]}, {"type": "fedora", "idList": ["FEDORA:476D76074A70", "FEDORA:AC00060E6E18"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842506", "OPENVAS:1361412562310131103", "OPENVAS:1361412562310806796"]}, {"type": "ubuntu", "idList": ["USN-2787-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2017-0940-1.NASL", "OPENSUSE-2015-698.NASL", "UBUNTU_USN-2787-1.NASL", "FEDORA_2015-605CD28F33.NASL", "FEDORA_2015-4BC7688B3E.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14754"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3877"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32660", "bulletinFamily": "software", "title": "[USN-2782-1] Apport vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2782-1\r\nOctober 27, 2015\r\n\r\napport vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nApport could be made to run programs as an administrator.\r\n\r\nSoftware Description:\r\n- apport: automatically generate crash reports for debugging\r\n\r\nDetails:\r\n\r\nGabriel Campana discovered that Apport incorrectly handled Python module\r\nimports. A local attacker could use this issue to elevate privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n apport 2.19.1-0ubuntu4\r\n\r\nUbuntu 15.04:\r\n apport 2.17.2-0ubuntu1.7\r\n\r\nUbuntu 14.04 LTS:\r\n apport 2.14.1-0ubuntu3.18\r\n\r\nUbuntu 12.04 LTS:\r\n apport 2.0.1-0ubuntu17.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2782-1\r\n CVE-2015-1341\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apport/2.19.1-0ubuntu4\r\n https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.7\r\n https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18\r\n https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.13\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32660", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-1341"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "8f49c49cf517447776f8becbe7916610"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "67dffb644bd6572ab0e644ffec4f8a3d"}, {"key": "href", "hash": "d0b126369a0f5b3d6c7e71db9fa232a5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "874f3cf5f97e14a7710794ca3a33d6b6"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "7aa6be6084a2337a91bd0bd8527d0eafc3a8d4e537ffb27c8af1a86889efc06d", "viewCount": 209, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-1341"]}, {"type": "cve", "idList": ["CVE-2015-1341"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842505"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2782-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-2782-1"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32655", "bulletinFamily": "software", "title": "[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite XXE injection\r\nAdvisory ID: [ERPSCAN-15-030]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4851\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/oramipp_lpr\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32655", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4851"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "63db7f670b9c5615e482d0338ccc1970"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "d89fcd2baf8a53a154659fa121f9e2da"}, {"key": "href", "hash": "53ac53d7c165321e6db0accca2f44053"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "454360ae6b0ecae8a6f843602b44b093"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "cb18bce50ec994d7c269875a40e561f262f505c65bda1189c95aab1fee4ec261", "viewCount": 110, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4851"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-030"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32659", "bulletinFamily": "software", "title": "Secunia Research: Oracle Outside In Two Buffer Overflow Vulnerabilities", "description": "\r\n\r\n======================================================================\r\n\r\n Secunia Research (now part of Flexera Software) 26/10/2015\r\n\r\n Oracle Outside In Two Buffer Overflow Vulnerabilities\r\n\r\n======================================================================\r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nDescription of Vulnerabilities.......................................3\r\nSolution.............................................................4\r\nTime Table...........................................................5\r\nCredits..............................................................6\r\nReferences...........................................................7\r\nAbout Secunia........................................................8\r\nVerification.........................................................9\r\n\r\n======================================================================\r\n\r\n1) Affected Software\r\n\r\n* Oracle Outside In versions 8.5.0, 8.5.1, and 8.5.2.\r\n\r\n====================================================================== \r\n2) Severity\r\n\r\nRating: Moderately critical\r\nImpact: System Access\r\nWhere: From remote\r\n\r\n====================================================================== \r\n3) Description of Vulnerabilities\r\n\r\nSecunia Research has discovered two vulnerabilities in Oracle Outside\r\nIn Technology, which can be exploited by malicious people to cause a\r\nDoS (Denial of Service) and compromise an application using the SDK.\r\n\r\n1) An error in the vstga.dll when processing TGA files can be\r\nexploited to cause an out-of-bounds write memory access.\r\n\r\n2) An error in the libxwd2.dll when processing XWD files can be\r\nexploited to cause a stack-based buffer overflow.\r\n\r\nSuccessful exploitation of the vulnerabilities may allow execution of\r\narbitrary code.\r\n\r\n====================================================================== \r\n4) Solution\r\n\r\nApply update. Please see the Oracle Critical Patch Update Advisory\r\nfor October 2015 for details.\r\n\r\n====================================================================== \r\n5) Time Table\r\n\r\n14/07/2015 - Vendor notified of vulnerabilities.\r\n14/07/2015 - Vendor acknowledges report.\r\n16/07/2015 - Vendor supplied bug ticket ID.\r\n27/07/2015 - Vendor supplied information of fix in main codeline.\r\n24/09/2015 - Replied to vendor and asked about CVE references.\r\n25/09/2015 - Vendor replied that they check our request.\r\n27/09/2015 - Vendor assigned two CVE references.\r\n17/10/2015 - Vendor supplied 20/10/2015 as estimated fix date.\r\n20/10/2015 - Release of vendor patch.\r\n21/10/2015 - Public disclosure.\r\n26/10/2015 - Publication of research advisory.\r\n\r\n======================================================================\r\n\r\n6) Credits\r\n\r\nDiscovered by Behzad Najjarpour Jabbari, Secunia Research (now part\r\nof Flexera Software).\r\n\r\n======================================================================\r\n\r\n7) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe CVE-2015-4877 and CVE-2015-4878 identifiers for the\r\nvulnerabilities.\r\n\r\n======================================================================\r\n\r\n8) About Secunia (now part of Flexera Software)\r\n\r\nIn September 2015, Secunia has been acquired by Flexera Software:\r\n\r\nhttps://secunia.com/blog/435/\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private\r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the\r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n======================================================================\r\n\r\n9) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2015-04/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 1.5, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32659", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4878", "CVE-2015-4877"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4ace813207bcca904f9ce30b2a4af836"}, {"key": "cvss", "hash": "9d86a8fe7d128c293831f0df378bc422"}, {"key": "description", "hash": "de292b07408952b00a29b1013274de92"}, {"key": "href", "hash": "11fc31982f2dd77a257b335afddaff3b"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "6b73b451bb90c7def538fd4988f62817"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "9209f88c1ea4359c169adccc3614f3dde9ab7ec6501fd012d418096bf0181477", "viewCount": 230, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4877", "CVE-2015-4878"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:00F56398A41A55DCC6858F0DBCF56C03", "EXPLOITPACK:A7CDE07AD2ACD817E8BEDEF7E2743190"]}, {"type": "exploitdb", "idList": ["EDB-ID:38788", "EDB-ID:38789"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32656", "bulletinFamily": "software", "title": "[ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - Database user enumeration\r\nAdvisory ID: [ERPSCAN-15-025]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nDate published:20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: User Enumeration\r\nImpact: user enumeration, SSRF\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4845\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity None (N)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThere is a script in EBS that is used to connect to the database and\r\ndisplays the connection status. Different connection results can help\r\nan attacker to find existing database accounts.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.2.4\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nDatabase users enumeration\r\nVunerable script: Aoljtest.js\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32656", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4845"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "353788a19da4a0fbd9dc61ba1dd3e473"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "description", "hash": "dfc668491cfc1b18219f4e0fa27629bb"}, {"key": "href", "hash": "47472cec8220b519f9db4a3abd3311c2"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "6f38bdb72f53e9d8a774aa08a5beb873"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "a7d3f7599d9f9ff60ac91028e300ded9e66717f1acded1e1704741a8e99c4dea", "viewCount": 119, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4845"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-025"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:VULN:14754", "bulletinFamily": "software", "title": "audiofile memory corruption", "description": "Crash on audiofiles processing.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32652"], "cvelist": ["CVE-2015-7747"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:03", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "3ee3e850532a4e379263e510332ca570"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "50c023fd612f4a3919caafafd70af1c7"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "4edae476ac60af4535025767b9ffe8c9"}, {"key": "href", "hash": "a8ce47278a16f2d3e9f9942d079a8fae"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c3e652d5193ecf1d452bdc5cda802620"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "096a6a1e782e7d5d437260d8fb399592"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "1544646943014e212849d4d22258dcafe7e1c933f1089c2e69598ad653c10407", "viewCount": 105, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2018-08-31T11:10:03", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-7747"]}, {"type": "cve", "idList": ["CVE-2015-7747"]}, {"type": "fedora", "idList": ["FEDORA:AC00060E6E18", "FEDORA:476D76074A70"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842506", "OPENVAS:1361412562310806796", "OPENVAS:1361412562310131103"]}, {"type": "ubuntu", "idList": ["USN-2787-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2787-1.NASL", "OPENSUSE-2015-698.NASL", "FEDORA_2015-4BC7688B3E.NASL", "FEDORA_2015-605CD28F33.NASL", "SUSE_SU-2017-0940-1.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3877"]}], "modified": "2018-08-31T11:10:03", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "libaudiofile", "operator": "eq", "version": "0.3"}], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}
