CWE-1286
AllowedImproper Validation of Syntactic Correctness of Input
Abstraction: Base · Status: Incomplete
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
150 vulnerabilities reference this CWE, most recent first.
CVE-2024-51982 (GCVE-0-2024-51982)
Vulnerability from cvelistv5 – Published: 2025-06-25 07:25 – Updated: 2026-04-02 14:05- CWE-1286 - Improper Validation of Syntactic Correctness of Input
| URL | Tags |
|---|---|
| https://support.brother.com/g/b/link.aspx?prod=gr… | vendor-advisory |
| https://www.fujifilm.com/fbglobal/eng/company/new… | vendor-advisory |
| https://www.ricoh.com/products/security/vulnerabi… | vendor-advisory |
| https://www.rapid7.com/blog/post/multiple-brother… | third-party-advisory |
| https://assets.contentstack.io/v3/assets/blte4f02… | technical-description |
| https://github.com/sfewer-r7/BrotherVulnerabilities | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51982",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T12:27:43.868452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-25T12:41:13.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HL-L8260CDN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.65(ZH)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L8260CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.65(ZH)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L8360CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.68(ZG)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L8360CDWT",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.68(ZG)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L9310CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.68(ZG)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L8410CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZK",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L8610CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZK",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L8690CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZK",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L8900CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZM",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L9570CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZM",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L9577CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZM",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2325DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2350DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2351DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2352DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2357DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2370DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2371DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2372DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-2590DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2370DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2370DWXL",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2375DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2376DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-B2050DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-B2080DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2385DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2386DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-2595DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2350DWR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2370DNR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2375DWR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.74(ZE)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2395DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2730DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2732DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2750DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2750DWXL",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2751DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2770DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2771DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2730DWR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2750DWR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-7195DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-7895DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2730DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L2390DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2530DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2531DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2532DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2535DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2537DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-B7520DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2550DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2550DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2551DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2551DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2552DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-B7535DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2690DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2710DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2712DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2710DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2712DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2713DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2715DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2716DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2717DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-B7715DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2530DWR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2550DNR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2710DNR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2710DWR",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZC",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "FAX-L2710DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-7190DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-B7530DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-7890DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-B7720DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-7090DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-7190DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L3210CW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.39(ZA)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L3230CDN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.39(ZA)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L3230CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.39(ZA)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-3160CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.39(ZA)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L3270CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.36(ZA)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-3190CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.36(ZA)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L3510CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZA",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L3517CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZA",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-L3290CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZA",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L3551CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZA",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L3550CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-9030CDN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L3710CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L3730CDN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-9150CDN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L3735CDN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L3745CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L3750CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-9350CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L3770CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZE",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T520W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.21(M)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T525W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.21(M)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T720DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.20(L)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T725DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.20(L)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T820DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.20(L)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T825DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.20(L)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-T920DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.23(N)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-T925DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.23(N)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T220",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.27(K)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T225",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.27(K)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T226",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.27(K)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T420W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.27(K)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T425W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.27(K)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T426W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.27(K)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T428W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.27(K)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-C421W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "1.04(D)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J805DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "J",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J1100DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "P",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J995DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "P",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J1300DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "P",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J988N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Q",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J1500N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "P",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J1605DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "K",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5845DW(XL)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "N",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5945DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6945DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6947DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-J6000DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "S",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-J6100DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "S",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6997CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6999CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-J6000CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "S",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-T4500DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "P",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HL-T4000DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "N",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5330DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5335DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J2330DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5730DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5830DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5930DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J2730DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6530DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6730DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J3530DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6930DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Z",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6935DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Z",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J3930DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Z",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6535DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Z",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6580CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6980CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "S",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6995CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "S",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J5630CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "L",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6583CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "K",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J6983CDW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "N",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T510W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Q",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T710W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Q",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-T810W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Q",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-T910DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Q",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J572DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "P",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J491DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Q",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J497DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Q",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J772DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J774DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J890DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J895DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J690DW",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J572N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J577N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J582N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "W",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J972N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J973N-W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J978N-W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J981N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J982N-W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J893N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "X",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J898N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "X",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J738DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J738DWN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J998DN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J998DWN",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J587N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "F",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint P235 d",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint P275 dw",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint P285 dw",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint P288 dw",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "1.15",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint M235 dw",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "K",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint M235 z",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "K",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint M275 z",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "L",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint M285 z",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "L",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint M288 dw",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "E",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DocuPrint M288 z",
"vendor": "FUJIFILM Business Innovation",
"versions": [
{
"lessThanOrEqual": "E",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SP 230DNw",
"vendor": "RICOH",
"versions": [
{
"lessThanOrEqual": "1.07(G)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "P 201W",
"vendor": "RICOH",
"versions": [
{
"lessThanOrEqual": "1.03D(D)",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M 340W",
"vendor": "RICOH",
"versions": [
{
"lessThanOrEqual": "G",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SP 230SFNw",
"vendor": "RICOH",
"versions": [
{
"lessThanOrEqual": "J",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "M 340FW",
"vendor": "RICOH",
"versions": [
{
"lessThanOrEqual": "H",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J987N-W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "F",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T510W(China)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "N",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-T710W(China)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "N",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J805DWXL",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "J",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J815DWXL",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "J",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J995DWXL",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "P",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-T810W(China)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "N",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-B7520DW (China)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-B7535DW (China)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2535DW (China)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2550DW (China)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "M",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2550DW (Japan)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "R",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-L2550DW (Taiwan)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2715DW (Taiwan/Korea/Hong Kong)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "V",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L2750DW (Japan)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "R",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L3770CDW (Japan)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZA",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L8610CDW (Japan)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZD",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-L9570CDW (Japan)",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "ZD",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ADS-2400N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ADS-2800W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ADS-3000N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ADS-3600W",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "T",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J973N W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J978N W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J982N W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "Y",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DCP-J987N W/B",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "F",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MFC-J903N",
"vendor": "Brother Industries, Ltd",
"versions": [
{
"lessThanOrEqual": "X",
"status": "affected",
"version": "A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stephen Fewer, Principal Security Researcher at Rapid7"
}
],
"datePublic": "2025-06-25T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash."
}
],
"value": "An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:05:35.126Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.brother.com/g/b/link.aspx?prod=group2\u0026faqid=faq00100846_000"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0625_announce.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000007"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed"
},
{
"tags": [
"technical-description"
],
"url": "https://assets.contentstack.io/v3/assets/blte4f029e766e6b253/blt6495b3c6adf2867f/685aa980a26c5e2b1026969c/vulnerability-disclosure-whitepaper.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/sfewer-r7/BrotherVulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2024-51982",
"datePublished": "2025-06-25T07:25:00.402Z",
"dateReserved": "2024-11-04T17:19:18.809Z",
"dateUpdated": "2026-04-02T14:05:35.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29041 (GCVE-0-2024-29041)
Vulnerability from cvelistv5 – Published: 2024-03-25 20:20 – Updated: 2024-08-02 01:03| URL | Tags |
|---|---|
| https://github.com/expressjs/express/security/adv… | x_refsource_CONFIRM |
| https://github.com/koajs/koa/issues/1800 | x_refsource_MISC |
| https://github.com/expressjs/express/pull/5539 | x_refsource_MISC |
| https://github.com/expressjs/express/commit/08673… | x_refsource_MISC |
| https://github.com/expressjs/express/commit/0b746… | x_refsource_MISC |
| https://expressjs.com/en/4x/api.html#res.location | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-26T13:59:28.274744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:57:16.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.705Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
},
{
"name": "https://github.com/koajs/koa/issues/1800",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/koajs/koa/issues/1800"
},
{
"name": "https://github.com/expressjs/express/pull/5539",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/expressjs/express/pull/5539"
},
{
"name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
},
{
"name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
},
{
"name": "https://expressjs.com/en/4x/api.html#res.location",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://expressjs.com/en/4x/api.html#res.location"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "express",
"vendor": "expressjs",
"versions": [
{
"status": "affected",
"version": "\u003e=4.14.0, \u003c4.19.0"
},
{
"status": "affected",
"version": "\u003e=5.0.0-alpha.1, \u003c5.0.0-beta.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T20:20:06.205Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc"
},
{
"name": "https://github.com/koajs/koa/issues/1800",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/koajs/koa/issues/1800"
},
{
"name": "https://github.com/expressjs/express/pull/5539",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/expressjs/express/pull/5539"
},
{
"name": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd"
},
{
"name": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94"
},
{
"name": "https://expressjs.com/en/4x/api.html#res.location",
"tags": [
"x_refsource_MISC"
],
"url": "https://expressjs.com/en/4x/api.html#res.location"
}
],
"source": {
"advisory": "GHSA-rv95-896h-c2vc",
"discovery": "UNKNOWN"
},
"title": "Express.js Open Redirect in malformed URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29041",
"datePublished": "2024-03-25T20:20:06.205Z",
"dateReserved": "2024-03-14T16:59:47.614Z",
"dateUpdated": "2024-08-02T01:03:51.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21616 (GCVE-0-2024-21616)
Vulnerability from cvelistv5 – Published: 2024-01-12 00:56 – Updated: 2025-06-17 14:43- CWE-1286 - Improper Validation of Syntactic Correctness of Input
- Denial of Service (DoS)
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA75757 | vendor-advisory |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.… | technical-description |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S6
(semver)
Affected: 21.3 , < 21.3R3-S5 (semver) Affected: 21.4 , < 21.4R3-S5 (semver) Affected: 22.1 , < 22.1R3-S4 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S1 (semver) Affected: 22.4 , < 22.4R2-S2, 22.4R3 (semver) Affected: 23.2 , < 23.2R1-S1, 23.2R2 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA75757"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T20:39:11.105269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:43:11.964Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S6",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2-S2, 22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S1, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\u003c/p\u003e\u003cp\u003ePlease verify on SRX with:\u003c/p\u003e\u003ccode\u003e user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e SIP : Enabled\u003c/code\u003e\u003cbr/\u003e\u003cp\u003ePlease verify on MX whether the following is configured:\u003c/p\u003e\u003ccode\u003e user@host\u0026gt; show security alg status | match sip\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e SIP : Enabled\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e [services ... rule \u0026lt;rule-name\u0026gt; (term \u0026lt;term-name\u0026gt; ) from/match application/application-set \u0026lt;name\u0026gt;]\u003c/code\u003e\u003cbr/\u003e\u003cp\u003ewhere either\u003c/p\u003e\u003ccode\u003e a. name = junos-sip\u003c/code\u003e\u003cbr/\u003e\u003cp\u003eor an application or application-set refers to SIP:\u003c/p\u003e\u003ccode\u003e b. [applications application \u0026lt;name\u0026gt; application-protocol sip]\u003c/code\u003e\u003cbr/\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e c. [applications application-set \u0026lt;name\u0026gt; application junos-sip]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "To be affected the SIP ALG needs to be enabled, either implicitly / by default or by way of configuration.\n\nPlease verify on SRX with:\n\n user@host\u003e show security alg status | match sip\n SIP : Enabled\nPlease verify on MX whether the following is configured:\n\n user@host\u003e show security alg status | match sip\n SIP : Enabled\n [services ... rule \u003crule-name\u003e (term \u003cterm-name\u003e ) from/match application/application-set \u003cname\u003e]\nwhere either\n\n a. name = junos-sip\nor an application or application-set refers to SIP:\n\n b. [applications application \u003cname\u003e application-protocol sip]\nor\n\n c. [applications application-set \u003cname\u003e application junos-sip]\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\u003c/p\u003e\u003cp\u003eNAT IP usage can be monitored by running the following command.\u003c/p\u003e\u003ccode\u003euser@srx\u0026gt; show security nat resource-usage source-pool \u0026lt;source_pool_name\u0026gt;\u003c/code\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003ccode\u003ePool name: source_pool_name\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e..\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eAddress Factor-index Port-range Used Avail Total Usage\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eX.X.X.X\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e0 Single Ports 50258 52342 62464 96% \u0026lt;\u0026lt;\u0026lt;\u0026lt;\u0026lt;\u003c/code\u003e\u003cbr\u003e\u003ccode\u003e- Alg Ports 0 2048 2048 0%\u003c/code\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS on MX Series and SRX Series\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions earlier than 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2-S2, 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S1, 23.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition.\n\nNAT IP usage can be monitored by running the following command.\n\nuser@srx\u003e show security nat resource-usage source-pool \u003csource_pool_name\u003e\n\n\nPool name: source_pool_name\n..\nAddress Factor-index Port-range Used Avail Total Usage\nX.X.X.X\n0 Single Ports 50258 52342 62464 96% \u003c\u003c\u003c\u003c\u003c\n- Alg Ports 0 2048 2048 0%\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series and SRX Series\n\n\n\n * All versions earlier than 21.2R3-S6;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.2 versions earlier than 23.2R1-S1, 23.2R2.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:56:20.566Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA75757"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S6, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R2-S2, 22.4R3, 23.2R1-S1, 23.2R2, 23.4R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75757",
"defect": [
"1702811"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: MX Series and SRX Series: Processing of a specific SIP packet causes NAT IP allocation to fail",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it\u0027s not strictly needed.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it\u0027s not strictly needed.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21616",
"datePublished": "2024-01-12T00:56:20.566Z",
"dateReserved": "2023-12-27T19:38:25.710Z",
"dateUpdated": "2025-06-17T14:43:11.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21598 (GCVE-0-2024-21598)
Vulnerability from cvelistv5 – Published: 2024-04-12 14:54 – Updated: 2024-08-01 22:27- CWE-1286 - Improper Validation of Syntactic Correctness of Input
- Denial of Service (DoS)
| URL | Tags |
|---|---|
| http://supportportal.juniper.net/JSA75739 | vendor-advisory |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.… | technical-description |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
20.4 , < 20.4R3-S9
(semver)
Affected: 21.2 , < 21.2R3-S7 (semver) Affected: 21.3 , < 21.3R3-S5 (semver) Affected: 21.4 , < 21.4R3-S5 (semver) Affected: 22.1 , < 22.1R3-S4 (semver) Affected: 22.2 , < 22.2R3-S3 (semver) Affected: 22.3 , < 22.3R3-S1 (semver) Affected: 22.4 , < 22.4R3 (semver) Affected: 23.2 , < 23.2R1-S2, 23.2R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
20.4-EVO , < 20.4R3-S9-EVO
(semver)
Affected: 21.2-EVO , < 21.2R3-S7-EVO (semver) Affected: 21.3-EVO , < 21.3R3-S5-EVO (semver) Affected: 21.4-EVO , < 21.4R3-S5-EVO (semver) Affected: 22.1-EVO , < 22.1R3-S4-EVO (semver) Affected: 22.2-EVO , < 22.2R3-S3-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S1-EVO (semver) Affected: 22.4-EVO , < 22.4R3-EVO (semver) Affected: 23.2-EVO , < 23.2R1-S2-EVO, 23.2R2-EVO (semver) |
|
| juniper_networks | junos_os |
Affected:
20.4 , < 20.4r3-s9
(custom)
Affected: 21.2 , < 21.2r3-s7 (custom) Affected: 21.3 , < 21.3r3-s5 (custom) Affected: 21.4 , < 21.4r3-s5 (custom) Affected: 22.1 , < 22.1r3-s4 (custom) Affected: 22.2 , < 22.2r3-s3 (custom) Affected: 22.3 , < 22.3r3-s1 (custom) Affected: 22.4 , < 22.4r3 (custom) Affected: 23.2 , < 23.2r1-s2 (custom) cpe:2.3:o:juniper_networks:junos_os:20.4:*:*:*:*:*:*:* |
|
| juniper | junos_os_evolved |
Affected:
20.4 , < 20.4r3-s9
(custom)
Affected: 21.2 , < 21.2r3-s7 (custom) Affected: 21.3 , < 21.3r3-s5 (custom) Affected: 21.4 , < 21.4r3-s4 (custom) Affected: 22.1 , < 22.1r3-s4 (custom) Affected: 22.2 , < 22.2r3-s3 (custom) cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper_networks:junos_os:20.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper_networks",
"versions": [
{
"lessThan": "20.4r3-s9",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3r3-s5",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s5",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
},
{
"lessThan": "22.3r3-s1",
"status": "affected",
"version": "22.3",
"versionType": "custom"
},
{
"lessThan": "22.4r3",
"status": "affected",
"version": "22.4",
"versionType": "custom"
},
{
"lessThan": "23.2r1-s2",
"status": "affected",
"version": "23.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
"cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "20.4r3-s9",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.2r3-s7",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3r3-s5",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4r3-s4",
"status": "affected",
"version": "21.4",
"versionType": "custom"
},
{
"lessThan": "22.1r3-s4",
"status": "affected",
"version": "22.1",
"versionType": "custom"
},
{
"lessThan": "22.2r3-s3",
"status": "affected",
"version": "22.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T18:02:57.570562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T14:32:30.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://supportportal.juniper.net/JSA75739"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9",
"status": "affected",
"version": "20.4",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7",
"status": "affected",
"version": "21.2",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5",
"status": "affected",
"version": "21.3",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2, 23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S9-EVO",
"status": "affected",
"version": "20.4-EVO",
"versionType": "semver"
},
{
"lessThan": "21.2R3-S7-EVO",
"status": "affected",
"version": "21.2-EVO",
"versionType": "semver"
},
{
"lessThan": "21.3R3-S5-EVO",
"status": "affected",
"version": "21.3-EVO",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S5-EVO",
"status": "affected",
"version": "21.4-EVO",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S4-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S3-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S1-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R1-S2-EVO, 23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\u003c/p\u003e\u003cp\u003e\u0026nbsp; [ protocols bgp group \u0026lt;group\u0026gt; neighbor ... ]\u003c/p\u003e"
}
],
"value": "To be exposed to this vulnerability BGP needs to be configured as in the following example, but no further options need to be enabled:\n\n\u00a0 [ protocols bgp group \u003cgroup\u003e neighbor ... ]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank Matteo Memelli from Amazon for responsibly reporting this vulnerability."
}
],
"datePublic": "2024-04-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\u003cbr\u003e\u003cbr\u003eThis issue affects Juniper Networks\u003cbr\u003eJunos OS:\u003cbr\u003e\u003cul\u003e\u003cli\u003e20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\u003c/li\u003e\u003cli\u003e21.2 versions earlier than 21.2R3-S7;\u003c/li\u003e\u003cli\u003e21.3 versions earlier than 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions earlier than 21.4R3-S5;\u003c/li\u003e\u003cli\u003e22.1 versions earlier than 22.1R3-S4;\u003c/li\u003e\u003cli\u003e22.2 versions earlier than 22.2R3-S3;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R3-S1;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R3;\u003c/li\u003e\u003cli\u003e23.2 versions earlier than 23.2R1-S2, 23.2R2;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003e20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\u003c/li\u003e\u003cli\u003e21.2-EVO versions earlier than 21.2R3-S7-EVO;\u003c/li\u003e\u003cli\u003e21.3-EVO versions earlier than 21.3R3-S5-EVO;\u003c/li\u003e\u003cli\u003e21.4-EVO versions earlier than 21.4R3-S5-EVO;\u003c/li\u003e\u003cli\u003e22.1-EVO versions earlier than 22.1R3-S4-EVO;\u003c/li\u003e\u003cli\u003e22.2-EVO versions earlier than 22.2R3-S3-EVO;\u003c/li\u003e\u003cli\u003e22.3-EVO versions earlier than 22.3R3-S1-EVO;\u003c/li\u003e\u003cli\u003e22.4-EVO versions earlier than 22.4R3-EVO;\u003c/li\u003e\u003cli\u003e23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis issue does not affect Juniper Networks\u003cbr\u003e\u003cul\u003e\u003cli\u003eJunos OS versions earlier than 20.4R1;\u003c/li\u003e\u003cli\u003eJunos OS Evolved versions earlier than 20.4R1-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eThis is a related but separate issue than the one described in JSA79095.\u003cbr\u003e"
}
],
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.\n\nThis issue affects Juniper Networks\nJunos OS:\n * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S3;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R3;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2;\n\n\n\nJunos OS Evolved:\n * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO;\n * 21.2-EVO versions earlier than 21.2R3-S7-EVO;\n * 21.3-EVO versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S3-EVO;\n * 22.3-EVO versions earlier than 22.3R3-S1-EVO;\n * 22.4-EVO versions earlier than 22.4R3-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;\n\n\n\nThis issue does not affect Juniper Networks\n * Junos OS versions earlier than 20.4R1;\n * Junos OS Evolved versions earlier than 20.4R1-EVO.\n\n\n\nThis is a related but separate issue than the one described in JSA79095."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T19:53:00.228Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "http://supportportal.juniper.net/JSA75739"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\u003c/p\u003e\u003cp\u003eJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 20.4R3-S9, 21.2R3-S7, 21.3R3-S5, 21.4R3-S5, 22.1R3-S4, 22.2R3-S3, 22.3R3-S1, 22.4R3, 23.2R1-S2, 23.2R2, 23.4R1, and all subsequent releases;\n\nJunos OS Evolved: 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 22.1R3-S4-EVO, 22.2R3-S3-EVO, 22.3R3-S1-EVO, 22.4R3-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA75739",
"defect": [
"1760356"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-10T16:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21598",
"datePublished": "2024-04-12T14:54:23.761Z",
"dateReserved": "2023-12-27T19:38:25.705Z",
"dateUpdated": "2024-08-01T22:27:36.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21595 (GCVE-0-2024-21595)
Vulnerability from cvelistv5 – Published: 2024-01-12 00:52 – Updated: 2024-09-03 18:13- CWE-1286 - Improper Validation of Syntactic Correctness of Input
- Denial of Service (DoS)
| URL | Tags |
|---|---|
| https://advisory.juniper.net/JSA75734 | vendor-advisory |
| https://www.first.org/cvss/calculator/4.0#CVSS:4.… | technical-description |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
21.4R3 , < 21.4R3-S4
(semver)
Affected: 22.1R3 , < 22.1R3-S3 (semver) Affected: 22.2R2 , < 22.2R3-S1 (semver) Affected: 22.3 , < 22.3R2-S2, 22.3R3 (semver) Affected: 22.4 , < 22.4R2 (semver) Affected: 23.1 , < 23.1R2 (semver) |
|
| juniper | junos |
Affected:
21.4R3 , < 21.4R3-S4
(semver)
Affected: 22.1R3 , < 22.1R3-S3 (semver) Affected: 22.2R2 , < 22.2R3-S1 (semver) Affected: 22.3 , < 22.3R2-S2 (semver) Affected: 22.3 , < 22.3R3 (semver) Affected: 22.4 , < 22.4R2 (semver) Affected: 23.1 , < 23.1R2 (semver) cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:34.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://advisory.juniper.net/JSA75734"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4R3",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1R3",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2R2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.1R2",
"status": "affected",
"version": "23.1",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-25T18:46:03.901666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:13:05.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX4100",
"EX4400",
"EX4600",
"QFX5000 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S4",
"status": "affected",
"version": "21.4R3",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S3",
"status": "affected",
"version": "22.1R3",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S1",
"status": "affected",
"version": "22.2R2",
"versionType": "semver"
},
{
"lessThan": "22.3R2-S2, 22.3R3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.1R2",
"status": "affected",
"version": "23.1",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\u003c/p\u003e\u003ccode\u003e [ vlans \u0026lt;vlan\u0026gt; vxlan ]\u003c/code\u003e\u003cbr/\u003e\u003ccode\u003e [ routing-instances \u0026lt;routing-instance\u0026gt; vxlan ]\u003c/code\u003e\u003cbr/\u003e"
}
],
"value": "To be exposed to this issue the device needs be configured for VXLAN with either of the following statements:\n\n [ vlans \u003cvlan\u003e vxlan ]\n [ routing-instances \u003crouting-instance\u003e vxlan ]\n"
}
],
"datePublic": "2024-01-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003eIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\u003c/p\u003e\u003cp\u003eThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJuniper Networks Junos OS\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e21.4R3 versions earlier than 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1R3 versions earlier than 22.1R3-S3;\u003c/li\u003e\u003cli\u003e22.2R2 versions earlier than 22.2R3-S1;\u003c/li\u003e\u003cli\u003e22.3 versions earlier than 22.3R2-S2, 22.3R3;\u003c/li\u003e\u003cli\u003e22.4 versions earlier than 22.4R2;\u003c/li\u003e\u003cli\u003e23.1 versions earlier than 23.1R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
}
],
"value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device.\n\nThis issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4R3 versions earlier than 21.4R3-S4;\n * 22.1R3 versions earlier than 22.1R3-S3;\n * 22.2R2 versions earlier than 22.2R3-S1;\n * 22.3 versions earlier than 22.3R2-S2, 22.3R3;\n * 22.4 versions earlier than 22.4R2;\n * 23.1 versions earlier than 23.1R2.\n\n\n\n\n\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T00:52:35.433Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://advisory.juniper.net/JSA75734"
},
{
"tags": [
"technical-description"
],
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.1R2, 23.2R1, and all subsequent releases.\u003c/p\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.1R2, 23.2R1, and all subsequent releases.\n\n"
}
],
"source": {
"advisory": "JSA75734",
"defect": [
"1719542"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-10T17:00:00.000Z",
"value": "Initial Publication"
}
],
"title": "Junos OS: EX4100, EX4400, EX4600, QFX5000 Series: A high rate of specific ICMP traffic will cause the PFE to hang",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-av217"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-21595",
"datePublished": "2024-01-12T00:52:35.433Z",
"dateReserved": "2023-12-27T19:38:25.704Z",
"dateUpdated": "2024-09-03T18:13:05.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8772 (GCVE-0-2024-8772)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:24 – Updated: 2025-03-28 07:16- CWE-1286 - Improper Validation of Syntactic Correctness of Input
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
9.80.0 , < 9.80.84
(semver)
Affected: 10.0.0 , < 10.12.259 (semver) Affected: 11.0.0 , < 11.11.118 (semver) Affected: 12.0.0 , < 12.1.28 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:03:47.694750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:25.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "9.80.84",
"status": "affected",
"version": "9.80.0",
"versionType": "semver"
},
{
"lessThan": "10.12.259",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThan": "11.11.118",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.1.28",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API \u003ci\u003emanagedoverlayimages.cgi\u003c/i\u003e was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e"
}
],
"value": "51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T07:16:28.604Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/permalink/231072/cve-2024-8772pdf-en-US_InternalID-231072.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-8772",
"datePublished": "2024-11-26T07:24:27.026Z",
"dateReserved": "2024-09-13T04:58:51.727Z",
"dateUpdated": "2025-03-28T07:16:28.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8160 (GCVE-0-2024-8160)
Vulnerability from cvelistv5 – Published: 2024-11-26 07:27 – Updated: 2025-03-28 07:18- CWE-1286 - Improper Validation of Syntactic Correctness of Input
| Vendor | Product | Version | |
|---|---|---|---|
| Axis Communications AB | AXIS OS |
Affected:
10.9.0 , < 10.12.257
(semver)
Unaffected: 11.0.0 , < 11.11.116 (semver) Affected: 12.0.0 , < 12.1.21 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:03:54.135932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:25.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AXIS OS",
"vendor": "Axis Communications AB",
"versions": [
{
"lessThan": "10.12.257",
"status": "affected",
"version": "10.9.0",
"versionType": "semver"
},
{
"lessThan": "11.11.116",
"status": "unaffected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThan": "12.1.21",
"status": "affected",
"version": "12.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API \u003ci\u003eftptest.cgi\u003c/i\u003e did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n\n\u003cbr\u003e"
}
],
"value": "Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. \nAxis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T07:18:14.700Z",
"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"shortName": "Axis"
},
"references": [
{
"url": "https://www.axis.com/dam/public/permalink/231071/cve-2024-8160pdf-en-US_InternalID-231071.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
"assignerShortName": "Axis",
"cveId": "CVE-2024-8160",
"datePublished": "2024-11-26T07:27:32.229Z",
"dateReserved": "2024-08-26T06:30:37.790Z",
"dateUpdated": "2025-03-28T07:18:14.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7954 (GCVE-0-2024-7954)
Vulnerability from cvelistv5 – Published: 2024-08-23 17:43 – Updated: 2025-11-22 12:12| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/spip-porte-plume | third-party-advisory |
| https://blog.spip.net/Mise-a-jour-critique-de-sec… | vendor-advisory |
| https://thinkloveshare.com/hacking/spip_preauth_r… | technical-descriptionexploit |
| Vendor | Product | Version | |
|---|---|---|---|
| SPIP | SPIP |
Affected:
4.3.0-alpha , < 4.3.0-alpha2
(custom)
Affected: 4.2.0 , < 4.2.13 (semver) Affected: 4.1.0 , < 4.1.16 (semver) |
|
| spip | spip |
Affected:
4.3.0-alpha , < 4.3.0-alpha2
(custom)
Affected: 4.2.0 , < 4.2.13 (semver) Affected: 4.1.0 , < 4.1.16 (semver) cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spip",
"vendor": "spip",
"versions": [
{
"lessThan": "4.3.0-alpha2",
"status": "affected",
"version": "4.3.0-alpha",
"versionType": "custom"
},
{
"lessThan": "4.2.13",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.16",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T18:26:49.808289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T18:31:44.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPIP",
"vendor": "SPIP",
"versions": [
{
"lessThan": "4.3.0-alpha2",
"status": "affected",
"version": "4.3.0-alpha",
"versionType": "custom"
},
{
"lessThan": "4.2.13",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.16",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.0-alpha2",
"versionStartIncluding": "4.3.0-alpha",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.16",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Louka Jacques-Chevallier"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\u003cbr\u003e"
}
],
"value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T12:12:14.668Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/spip-porte-plume"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SPIP porte_plume Plugin Arbitrary PHP Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-7954",
"datePublished": "2024-08-23T17:43:20.967Z",
"dateReserved": "2024-08-19T18:16:30.180Z",
"dateUpdated": "2025-11-22T12:12:14.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6763 (GCVE-0-2024-6763)
Vulnerability from cvelistv5 – Published: 2024-10-14 15:06 – Updated: 2025-03-07 00:10| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Jetty |
Affected:
7.0.0 , ≤ 12.0.11
(semver)
|
|
| eclipse | jetty |
Affected:
7.0.0 , ≤ 12.0.11
(semver)
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "jetty",
"vendor": "eclipse",
"versions": [
{
"lessThanOrEqual": "12.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6763",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:44:14.448650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:45:35.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-07T00:10:46.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250306-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2/",
"defaultStatus": "unaffected",
"modules": [
"jetty-http"
],
"packageName": "org.eclipse.jetty:jetty-http",
"product": "Jetty",
"repo": "https://github.com/jetty/jetty.project",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "12.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/zer0yu"
}
],
"datePublic": "2024-10-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eEclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, \u003ccode\u003eHttpURI\u003c/code\u003e, for URI/URL parsing.\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003eHttpURI\u003c/code\u003e class does insufficient validation on the authority segment of a URI. However the behaviour of \u003ccode\u003eHttpURI\u003c/code\u003e\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC. Specifically \u003ccode\u003eHttpURI\u003c/code\u003e\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.\u003c/p\u003e"
}
],
"value": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC. Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T15:30:38.815Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
},
{
"url": "https://github.com/jetty/jetty.project/pull/12012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jetty URI parsing of invalid authority",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe attacks outlined above rely on decoded user data being passed to the \u003ccode\u003eHttpURI\u003c/code\u003e class. Application should not pass decoded user data as an encoded URI to any URI class/method, including \u003ccode\u003eHttpURI\u003c/code\u003e. Such applications are likely to be vulnerable in other ways.\u003cbr\u003e\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority. Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4\"\u003eRFC9110 Section 4.2.4\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser).\u003c/p\u003e"
}
],
"value": "The attacks outlined above rely on decoded user data being passed to the HttpURI class. Application should not pass decoded user data as an encoded URI to any URI class/method, including HttpURI. Such applications are likely to be vulnerable in other ways.\n\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority. Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per RFC9110 Section 4.2.4 https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4 .\n\n\nNote that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser)."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-6763",
"datePublished": "2024-10-14T15:06:07.298Z",
"dateReserved": "2024-07-15T17:37:53.605Z",
"dateUpdated": "2025-03-07T00:10:46.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6284 (GCVE-0-2024-6284)
Vulnerability from cvelistv5 – Published: 2024-07-03 22:58 – Updated: 2025-09-08 09:36| Vendor | Product | Version | |
|---|---|---|---|
| https://github.com/google/nftables |
Affected:
0.1.0
Unaffected: 0.2.0 |
||
| netfilter | nftables |
Affected:
0.1.0 , < 0.2.0
(custom)
cpe:2.3:a:netfilter:nftables:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/google/nftables/issues/225"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netfilter:nftables:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nftables",
"vendor": "netfilter",
"versions": [
{
"lessThan": "0.2.0",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6284",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T14:56:05.757333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:58:42.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "https://github.com/google/nftables",
"repo": "https://github.com/google/nftables",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "unaffected",
"version": "0.2.0"
}
]
}
],
"datePublic": "2024-05-13T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/google/nftables\"\u003ehttps://github.com/google/nftables\u003c/a\u003e\u0026nbsp;IP addresses were encoded in the wrong byte order,\u0026nbsp;resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).\u003cbr\u003e\u003cbr\u003eThis issue affects:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/google/nftables@v0.1.0\"\u003ehttps://pkg.go.dev/github.com/google/nftables@v0.1.0\u003c/a\u003e\u003cbr\u003e\u003cbr\u003eThe bug was fixed in the next released version:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/google/nftables@v0.2.0\"\u003ehttps://pkg.go.dev/github.com/google/nftables@v0.2.0\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "In https://github.com/google/nftables \u00a0IP addresses were encoded in the wrong byte order,\u00a0resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses).\n\nThis issue affects:\u00a0 https://pkg.go.dev/github.com/google/nftables@v0.1.0 \n\nThe bug was fixed in the next released version:\u00a0 https://pkg.go.dev/github.com/google/nftables@v0.2.0"
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1389",
"description": "CWE-1389 Incorrect Parsing of Numbers with Different Radices",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T09:36:50.396Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/google/nftables/issues/225"
},
{
"url": "https://github.com/crowdsecurity/cs-firewall-bouncer/issues/368"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/crowdsec-firewall-bouncer/+bug/2069596"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper IPv4 and IPv6 byte order storage in github.com/google/nftables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-6284",
"datePublished": "2024-07-03T22:58:17.340Z",
"dateReserved": "2024-06-24T13:16:59.140Z",
"dateUpdated": "2025-09-08T09:36:50.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-66: SQL Injection
This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.
CAPEC-676: NoSQL Injection
An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.