CWE-354
AllowedImproper Validation of Integrity Check Value
Abstraction: Base · Status: Draft
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
231 vulnerabilities reference this CWE, most recent first.
CVE-2023-4929 (GCVE-0-2023-4929)
Vulnerability from cvelistv5 – Published: 2023-10-03 13:54 – Updated: 2024-09-23 13:29- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://www.moxa.com/en/support/product-support/s… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | NPort 5000AI-M12 Series |
Affected:
1.0 , ≤ 1.5
(custom)
|
|
| Moxa | NPort 5100 Series |
Affected:
1.0 , ≤ 3.10
(custom)
|
|
| Moxa | NPort 5100A Series |
Affected:
1.0 , ≤ 1.6
(custom)
|
|
| Moxa | NPort 5200 Series |
Affected:
1.0 , ≤ 2.12
(custom)
|
|
| Moxa | NPort 5200A Series |
Affected:
1.0 , ≤ 1.6
(custom)
|
|
| Moxa | NPort 5400 Series |
Affected:
1.0 , ≤ 3.14
(custom)
|
|
| Moxa | NPort 5600 Series |
Affected:
1.0 , ≤ 3.11
(custom)
|
|
| Moxa | NPort 5600-DT Series |
Affected:
1.0 , ≤ 2.9
(custom)
|
|
| Moxa | NPort IA5000 Series |
Affected:
1.0 , ≤ 2.1
(custom)
|
|
| Moxa | NPort IA5000A Series |
Affected:
1.0 , ≤ 2.0
(custom)
|
|
| Moxa | NPort IA5000A-I/O Series |
Affected:
1.0 , ≤ 2.0
(custom)
|
|
| Moxa | NPort IAW5000A-I/O Series |
Affected:
1.0 , ≤ 2.2
(custom)
|
|
| Moxa | NPort P5150A Series |
Affected:
1.0 , ≤ 1.6
(custom)
|
|
| moxa | nport_5100ai_m12 |
Affected:
1.0 , ≤ 1.5
(custom)
cpe:2.3:a:moxa:nport_5100ai_m12:*:*:*:*:*:*:*:* |
|
| moxa | nport_5100 |
Affected:
1.0 , ≤ 3.10
(custom)
cpe:2.3:a:moxa:nport_5100:*:*:*:*:*:*:*:* |
|
| moxa | nport_5100a |
Affected:
1.0 , ≤ 1.6
(custom)
cpe:2.3:h:moxa:nport_5100a:-:*:*:*:*:*:*:* |
|
| moxa | nport_5200_series_firmware |
Affected:
1.0 , ≤ 2.12
(custom)
cpe:2.3:o:moxa:nport_5200_series_firmware:2.7:*:*:*:*:*:*:* |
|
| moxa | nport_5200a_series_firmware |
Affected:
1.0 , ≤ 2.12
(custom)
cpe:2.3:o:moxa:nport_5200a_series_firmware:1.2:*:*:*:*:*:*:* |
|
| moxa | nport_5600_series_firmware |
Affected:
1.0 , ≤ 3.11
(custom)
cpe:2.3:a:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:* |
|
| moxa | nport_5600_dt |
Affected:
1.0 , ≤ 2.9
(custom)
cpe:2.3:a:moxa:nport_5600_dt:*:*:*:*:*:*:*:* |
|
| moxa | nport_ia_5000 |
Affected:
1.0 , ≤ 2.1
(custom)
cpe:2.3:a:moxa:nport_ia_5000:*:*:*:*:*:*:*:* |
|
| moxa | nport_ia_5000a |
Affected:
1.0 , ≤ 2.0
(custom)
cpe:2.3:a:moxa:nport_ia_5000a:*:*:*:*:*:*:*:* |
|
| moxa | nport_ia_5000a_io |
Affected:
1.0 , ≤ 2.0
(custom)
cpe:2.3:a:moxa:nport_ia_5000a_io:*:*:*:*:*:*:*:* |
|
| moxa | nport_iaw_5000a_io |
Affected:
1.0 , ≤ 2.2
(custom)
cpe:2.3:a:moxa:nport_iaw_5000a_io:*:*:*:*:*:*:*:* |
|
| moxa | nport_p5150a |
Affected:
1.0 , ≤ 1.6
(custom)
cpe:2.3:a:moxa:nport_p5150a:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:moxa:nport_5100ai_m12:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5100ai_m12",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_5100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5100",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:moxa:nport_5100a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5100a",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:nport_5200_series_firmware:2.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5200_series_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:moxa:nport_5200a_series_firmware:1.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5200a_series_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5600_series_firmware",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_5600_dt:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_5600_dt",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_ia_5000:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_ia_5000",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_ia_5000a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_ia_5000a",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_ia_5000a_io:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_ia_5000a_io",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_iaw_5000a_io:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_iaw_5000a_io",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:moxa:nport_p5150a:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "nport_p5150a",
"vendor": "moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T13:08:12.493856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T13:29:04.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NPort 5000AI-M12 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.5",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5100 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.10",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5100A Series ",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5200 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.12",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5200A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5400 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.14",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5600 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "3.11",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort 5600-DT Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.9",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IA5000 Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IA5000A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IA5000A-I/O Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort IAW5000A-I/O Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "2.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NPort P5150A Series",
"vendor": "Moxa",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAll firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\u003c/p\u003e"
}
],
"value": "All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-145",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-145 Checksum Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T13:54:49.293Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-233328-nport-5000-series-firmware-improper-validation-of-integrity-check-vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDue to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf\"\u003e\u003cu\u003ehardening guide\u003c/u\u003e\u003c/a\u003e in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \u003c/p\u003e\u003cp\u003eMoxa recommends users follow these CISA recommendations. Users should \u003c/p\u003e\u003col\u003e\u003cli\u003eReduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\u003c/li\u003e\u003cli\u003ePlace control system networks and remote devices behind firewalls, isolating them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\u003c/li\u003e\u003c/ol\u003e"
}
],
"value": "Due to design restrictions, we could not fix this vulnerability in NPort 5000 Series. We suggest users follow the instructions in the hardening guide https://www.moxa.com/getmedia/67b5e549-a125-4a6a-b99b-23017c75cfc1/moxa-the-security-hardening-guide-for-the-nport-5000-series-tech-note-v1.1.pdf in order to mitigate this vulnerability. Additionally, refer to the following mitigation measures to deploy the product in an appropriate product security context. \n\nMoxa recommends users follow these CISA recommendations. Users should \n\n * Reduce network exposure by ensuring that all control system devices and systems are not accessible from the Internet.\n * Place control system networks and remote devices behind firewalls, isolating them from business networks.\n * When remote access is necessary, employ secure methods such as Virtual Private Networks (VPNs). It is important to note that VPNs may have vulnerabilities and should be kept up to date with the latest available version. Remember that the security of a VPN depends on the security of its connected devices.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NPort 5000 Series Firmware Improper Validation of Integrity Check Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2023-4929",
"datePublished": "2023-10-03T13:54:49.293Z",
"dateReserved": "2023-09-13T01:12:13.466Z",
"dateUpdated": "2024-09-23T13:29:04.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2975 (GCVE-0-2023-2975)
Vulnerability from cvelistv5 – Published: 2023-07-14 11:16 – Updated: 2025-04-23 16:20- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://www.openssl.org/news/secadv/20230714.txt | vendor-advisory |
| https://git.openssl.org/gitweb/?p=openssl.git;a=c… | patch |
| https://git.openssl.org/gitweb/?p=openssl.git;a=c… | patch |
| http://www.openwall.com/lists/oss-security/2023/07/15/1 | x_transferred |
| http://www.openwall.com/lists/oss-security/2023/07/19/5 | x_transferred |
| https://security.netapp.com/advisory/ntap-2023072… | x_transferred |
| https://security.gentoo.org/glsa/202402-08 | x_transferred |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230714.txt"
},
{
"name": "3.1.2 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc"
},
{
"name": "3.0.10 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230725-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:23.638671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:20:14.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.1.2",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.0.10",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Juerg Wullschleger (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomas Mraz"
}
],
"datePublic": "2023-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\u003cbr\u003eit to ignore empty associated data entries which are unauthenticated as\u003cbr\u003ea consequence.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the AES-SIV algorithm and want to\u003cbr\u003eauthenticate empty data entries as associated data can be misled by removing,\u003cbr\u003eadding or reordering such empty entries as these are ignored by the OpenSSL\u003cbr\u003eimplementation. We are currently unaware of any such applications.\u003cbr\u003e\u003cbr\u003eThe AES-SIV algorithm allows for authentication of multiple associated\u003cbr\u003edata entries along with the encryption. To authenticate empty data the\u003cbr\u003eapplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\u003cbr\u003eNULL pointer as the output buffer and 0 as the input buffer length.\u003cbr\u003eThe AES-SIV implementation in OpenSSL just returns success for such a call\u003cbr\u003einstead of performing the associated data authentication operation.\u003cbr\u003eThe empty data thus will not be authenticated.\u003cbr\u003e\u003cbr\u003eAs this issue does not affect non-empty associated data authentication and\u003cbr\u003ewe expect it to be rare for an application to use empty associated data\u003cbr\u003eentries this is qualified as Low severity issue."
}
],
"value": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T14:55:45.748Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230714.txt"
},
{
"name": "3.1.2 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc"
},
{
"name": "3.0.10 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AES-SIV implementation ignores empty associated data entries",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-2975",
"datePublished": "2023-07-14T11:16:25.151Z",
"dateReserved": "2023-05-30T10:29:34.539Z",
"dateUpdated": "2025-04-23T16:20:14.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45142 (GCVE-0-2022-45142)
Vulnerability from cvelistv5 – Published: 2023-03-06 00:00 – Updated: 2025-03-06 20:20| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2023/… | |
| https://security.gentoo.org/glsa/202310-06 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/02/08/1"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T20:20:44.599013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T20:20:48.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-08T08:06:31.799Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/02/08/1"
},
{
"name": "GLSA-202310-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-45142",
"datePublished": "2023-03-06T00:00:00.000Z",
"dateReserved": "2022-11-10T00:00:00.000Z",
"dateUpdated": "2025-03-06T20:20:48.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39845 (GCVE-0-2022-39845)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:39 – Updated: 2024-08-03 12:07- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung Kies |
Affected:
unspecified , < 2.6.4.22074
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:43.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung Kies",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "2.6.4.22074",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T16:35:37.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-39845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Kies",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "",
"version_value": "2.6.4.22074"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354 Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39845",
"datePublished": "2022-09-09T14:39:57.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:43.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39844 (GCVE-0-2022-39844)
Vulnerability from cvelistv5 – Published: 2022-09-09 14:39 – Updated: 2024-08-03 12:07- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Smart Switch PC |
Affected:
unspecified , < 4.3.22083
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Switch PC",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "4.3.22083",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T16:36:37.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-39844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Switch PC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "",
"version_value": "4.3.22083"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354 Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=09"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-39844",
"datePublished": "2022-09-09T14:39:57.000Z",
"dateReserved": "2022-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:07:42.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35961 (GCVE-0-2022-35961)
Vulnerability from cvelistv5 – Published: 2022-08-14 00:05 – Updated: 2025-04-23 17:50- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_CONFIRM |
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_MISC |
| https://github.com/OpenZeppelin/openzeppelin-cont… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| OpenZeppelin | openzeppelin-contracts |
Affected:
>= 4.1.0, < 4.7.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:51:59.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:50:53.166445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T17:50:36.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "openzeppelin-contracts",
"vendor": "OpenZeppelin",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.1.0, \u003c 4.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T00:05:09.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.3"
}
],
"source": {
"advisory": "GHSA-4h98-2769-gh6h",
"discovery": "UNKNOWN"
},
"title": "ECDSA signature malleability in OpenZeppelin Contracts",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-35961",
"STATE": "PUBLIC",
"TITLE": "ECDSA signature malleability in OpenZeppelin Contracts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openzeppelin-contracts",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.1.0, \u003c 4.7.3"
}
]
}
}
]
},
"vendor_name": "OpenZeppelin"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenZeppelin Contracts is a library for secure smart contract development. The functions `ECDSA.recover` and `ECDSA.tryRecover` are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments. The potentially affected contracts are those that implement signature reuse or replay protection by marking the signature itself as used rather than the signed message or a nonce included in it. A user may take a signature that has already been submitted, submit it again in a different form, and bypass this protection. The issue has been patched in 4.7.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354: Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h",
"refsource": "CONFIRM",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h"
},
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3610",
"refsource": "MISC",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3610"
},
{
"name": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.3",
"refsource": "MISC",
"url": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.7.3"
}
]
},
"source": {
"advisory": "GHSA-4h98-2769-gh6h",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-35961",
"datePublished": "2022-08-14T00:05:09.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2025-04-23T17:50:36.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33711 (GCVE-0-2022-33711)
Vulnerability from cvelistv5 – Published: 2022-07-11 13:37 – Updated: 2024-08-03 08:09- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://security.samsungmobile.com/serviceWeb.sms… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Samsung Mobile | Samsung USB Driver Windows Installer for Mobile Phones |
Affected:
unspecified , < 1.7.56.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Samsung USB Driver Windows Installer for Mobile Phones",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "1.7.56.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction."
}
],
"metrics": [
{
"other": {
"content": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T13:37:34.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung USB Driver Windows Installer for Mobile Phones",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "",
"version_value": "1.7.56.0"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354 Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2022-33711",
"datePublished": "2022-07-11T13:37:34.000Z",
"dateReserved": "2022-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T08:09:22.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29898 (GCVE-0-2022-29898)
Vulnerability from cvelistv5 – Published: 2022-05-11 14:25 – Updated: 2024-09-16 19:15- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-018/ | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| PHOENIX CONTACT | RAD-ISM-900-EN-BD/B |
Affected:
All Versions
|
|
| PHOENIX CONTACT | RAD-ISM-900-EN-BD |
Affected:
All Versions
|
|
| PHOENIX CONTACT | RAD-ISM-900-EN-BD-BUS |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RAD-ISM-900-EN-BD/B",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "RAD-ISM-900-EN-BD",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"product": "RAD-ISM-900-EN-BD-BUS",
"vendor": "PHOENIX CONTACT",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The vulnerabilities were discovered and reported by Logan Carpenter of DRAGOS."
}
],
"datePublic": "2022-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T14:25:23.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-018/"
}
],
"source": {
"advisory": "VDE-2022-018",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-05-11T13:00:00.000Z",
"ID": "CVE-2022-29898",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RAD-ISM-900-EN-BD/B",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All Versions",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "RAD-ISM-900-EN-BD",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All Versions",
"version_value": "All Versions"
}
]
}
},
{
"product_name": "RAD-ISM-900-EN-BD-BUS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All Versions",
"version_value": "All Versions"
}
]
}
}
]
},
"vendor_name": "PHOENIX CONTACT"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The vulnerabilities were discovered and reported by Logan Carpenter of DRAGOS."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354 Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-018/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-018/"
}
]
},
"source": {
"advisory": "VDE-2022-018",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-29898",
"datePublished": "2022-05-11T14:25:24.072Z",
"dateReserved": "2022-04-28T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:11.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29173 (GCVE-0-2022-29173)
Vulnerability from cvelistv5 – Published: 2022-05-05 22:30 – Updated: 2025-04-23 18:31- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://github.com/theupdateframework/go-tuf/secu… | x_refsource_CONFIRM |
| https://github.com/theupdateframework/go-tuf/comm… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| theupdateframework | go-tuf |
Affected:
< 0.3.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:53:34.573720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:31:00.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-tuf",
"vendor": "theupdateframework",
"versions": [
{
"status": "affected",
"version": "\u003c 0.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354: Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T22:30:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
}
],
"source": {
"advisory": "GHSA-66x3-6cw3-v5gj",
"discovery": "UNKNOWN"
},
"title": "No protection against rollback attacks in go-tuf",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29173",
"STATE": "PUBLIC",
"TITLE": "No protection against rollback attacks in go-tuf"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "go-tuf",
"version": {
"version_data": [
{
"version_value": "\u003c 0.3.0"
}
]
}
}
]
},
"vendor_name": "theupdateframework"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354: Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj",
"refsource": "CONFIRM",
"url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
},
{
"name": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d",
"refsource": "MISC",
"url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
}
]
},
"source": {
"advisory": "GHSA-66x3-6cw3-v5gj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29173",
"datePublished": "2022-05-05T22:30:12.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:31:00.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25946 (GCVE-0-2022-25946)
Vulnerability from cvelistv5 – Published: 2022-05-05 16:21 – Updated: 2024-09-17 03:28- CWE-354 - Improper Validation of Integrity Check Value
| URL | Tags |
|---|---|
| https://support.f5.com/csp/article/K52322100 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | BIG-IP (Advanced WAF, APM, ASM) |
Affected:
16.1.x
Affected: 15.1.x Affected: 14.1.x Affected: 13.1.x Affected: 12.1.x Affected: 11.6.x Unaffected: 17.0.0 , < 17.0.x* (custom) |
|
| F5 | BIG-IP Guided Configuration (GC) |
Affected:
All , < 9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K52322100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP (Advanced WAF, APM, ASM)",
"vendor": "F5",
"versions": [
{
"status": "affected",
"version": "16.1.x"
},
{
"status": "affected",
"version": "15.1.x"
},
{
"status": "affected",
"version": "14.1.x"
},
{
"status": "affected",
"version": "13.1.x"
},
{
"status": "affected",
"version": "12.1.x"
},
{
"status": "affected",
"version": "11.6.x"
},
{
"lessThan": "17.0.x*",
"status": "unaffected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"product": "BIG-IP Guided Configuration (GC)",
"vendor": "F5",
"versions": [
{
"lessThan": "9.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T16:21:26.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K52322100"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-05-04T14:00:00.000Z",
"ID": "CVE-2022-25946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (Advanced WAF, APM, ASM)",
"version": {
"version_data": [
{
"version_affected": "!\u003e=",
"version_name": "17.0.x",
"version_value": "17.0.0"
},
{
"version_affected": "=",
"version_name": "16.1.x",
"version_value": "16.1.x"
},
{
"version_affected": "=",
"version_name": "15.1.x",
"version_value": "15.1.x"
},
{
"version_affected": "=",
"version_name": "14.1.x",
"version_value": "14.1.x"
},
{
"version_affected": "=",
"version_name": "13.1.x",
"version_value": "13.1.x"
},
{
"version_affected": "=",
"version_name": "12.1.x",
"version_value": "12.1.x"
},
{
"version_affected": "=",
"version_name": "11.6.x",
"version_value": "11.6.x"
}
]
}
},
{
"product_name": "BIG-IP Guided Configuration (GC)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "All",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354 Improper Validation of Integrity Check Value"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K52322100",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K52322100"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2022-25946",
"datePublished": "2022-05-05T16:21:26.941Z",
"dateReserved": "2022-04-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:28:41.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.
CAPEC-145: Checksum Spoofing
An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-75: Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.