CWE-489

Active Debug Code

The product is released with debugging code still enabled or active.

CVE-2021-1398 (GCVE-0-2021-1398)

Vulnerability from cvelistv5 – Published: 2021-03-24 20:07 – Updated: 2024-11-08 23:33
Title
Cisco IOS XE Software Arbitrary Code Execution Vulnerability
Summary
A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device.
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisory x_refsource_CISCO
Impacted products
Date Public
2021-03-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210324 Cisco IOS XE Software Arbitrary Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:19:41.950697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:33:24.738Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-24T20:07:09.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210324 Cisco IOS XE Software Arbitrary Code Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-XE-ACE-75K3bRWe",
        "defect": [
          [
            "CSCvu61463"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Software Arbitrary Code Execution Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-03-24T16:00:00",
          "ID": "CVE-2021-1398",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Software Arbitrary Code Execution Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.8",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210324 Cisco IOS XE Software Arbitrary Code Execution Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-XE-ACE-75K3bRWe"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-XE-ACE-75K3bRWe",
          "defect": [
            [
              "CSCvu61463"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1398",
    "datePublished": "2021-03-24T20:07:09.496Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:33:24.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-23861 (GCVE-0-2021-23861)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-16 17:49
Title
Possible Access to Debug Functions in Bosch VRM / BVMS
Summary
By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
CWE
Assigner
References
Impacted products
Vendor Product Version
Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
Affected: 11.0 , < 11.0.0 (custom)
Affected: 10.0 , < 10.0.2 (custom)
Affected: 10.1 , < 10.1.1 (custom)
Bosch DIVAR IP 7000 R2 Affected: all
Bosch DIVAR IP all-in-one 5000 Affected: all
Bosch DIVAR IP all-in-one 7000 Affected: all
Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
Affected: 4.0 , ≤ 4.00.0070 (custom)
Affected: 3.83 , ≤ 3.83.0021 (custom)
Affected: 3.82 , ≤ 3.82.0057 (custom)
Date Public
2021-12-08 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:09.235Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BVMS",
          "vendor": "Bosch",
          "versions": [
            {
              "lessThanOrEqual": "9.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "11.0.0",
              "status": "affected",
              "version": "11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.2",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.1",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DIVAR IP 7000 R2",
          "vendor": "Bosch",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        },
        {
          "product": "DIVAR IP all-in-one 5000",
          "vendor": "Bosch",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        },
        {
          "product": "DIVAR IP all-in-one 7000",
          "vendor": "Bosch",
          "versions": [
            {
              "status": "affected",
              "version": "all"
            }
          ]
        },
        {
          "product": "VRM",
          "vendor": "Bosch",
          "versions": [
            {
              "lessThanOrEqual": "3.81",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.00.0070",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.83.0021",
              "status": "affected",
              "version": "3.83",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.82.0057",
              "status": "affected",
              "version": "3.82",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-12-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489 Active Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-08T21:17:32.000Z",
        "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "shortName": "bosch"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
        }
      ],
      "source": {
        "advisory": "BOSCH-SA-043434-BT",
        "discovery": "UNKNOWN"
      },
      "title": "Possible Access to Debug Functions in Bosch VRM / BVMS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@bosch.com",
          "DATE_PUBLIC": "2021-12-08",
          "ID": "CVE-2021-23861",
          "STATE": "PUBLIC",
          "TITLE": "Possible Access to Debug Functions in Bosch VRM / BVMS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BVMS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "11.0",
                            "version_value": "11.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.0",
                            "version_value": "10.0.2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DIVAR IP 7000 R2",
                      "version": {
                        "version_data": [
                          {
                            "configuration": "using vulnerable BVMS version",
                            "version_affected": "=",
                            "version_value": "all"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DIVAR IP all-in-one 5000",
                      "version": {
                        "version_data": [
                          {
                            "configuration": "using vulnerable BVMS or VRM version",
                            "version_affected": "=",
                            "version_value": "all"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "DIVAR IP all-in-one 7000",
                      "version": {
                        "version_data": [
                          {
                            "configuration": "using vulnerable BVMS or VRM version",
                            "version_affected": "=",
                            "version_value": "all"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "VRM",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4.0",
                            "version_value": "4.00.0070"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3.83",
                            "version_value": "3.83.0021"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3.82",
                            "version_value": "3.82.0057"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.81"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bosch"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489 Active Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
              "refsource": "CONFIRM",
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ]
        },
        "source": {
          "advisory": "BOSCH-SA-043434-BT",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
    "assignerShortName": "bosch",
    "cveId": "CVE-2021-23861",
    "datePublished": "2021-12-08T21:17:32.737Z",
    "dateReserved": "2021-01-12T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:49:16.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33591 (GCVE-0-2021-33591)

Vulnerability from cvelistv5 – Published: 2021-05-28 10:50 – Updated: 2024-08-03 23:50
Summary
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Severity
No CVSS data available.
CWE
Assigner
References
URL Tags
https://cve.naver.com/detail/cve-2021-33591 x_refsource_CONFIRM
Impacted products
Vendor Product Version
NAVER Naver Comic Viewer Affected: unspecified , ≤ 1.0.14.0 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:43.266Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cve.naver.com/detail/cve-2021-33591"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Naver Comic Viewer",
          "vendor": "NAVER",
          "versions": [
            {
              "lessThanOrEqual": "1.0.14.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Active Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-28T10:50:08.000Z",
        "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "shortName": "naver"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cve.naver.com/detail/cve-2021-33591"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@navercorp.com",
          "ID": "CVE-2021-33591",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Naver Comic Viewer",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.0.14.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NAVER"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489: Active Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cve.naver.com/detail/cve-2021-33591",
              "refsource": "CONFIRM",
              "url": "https://cve.naver.com/detail/cve-2021-33591"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
    "assignerShortName": "naver",
    "cveId": "CVE-2021-33591",
    "datePublished": "2021-05-28T10:50:09.000Z",
    "dateReserved": "2021-05-27T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:50:43.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3971 (GCVE-0-2021-3971)

Vulnerability from cvelistv5 – Published: 2022-04-22 20:30 – Updated: 2024-08-03 17:09
Summary
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.
CWE
Assigner
References
Impacted products
Vendor Product Version
Lenovo Notebook BIOS Affected: various
Credits
Lenovo thanks Martin Smolár from ESET for reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Notebook BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489 Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-22T20:30:38.000Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
        }
      ],
      "source": {
        "advisory": "LEN-73440",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2021-3971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Notebook BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "various"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489 Leftover Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-73440",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
          }
        ],
        "source": {
          "advisory": "LEN-73440",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2021-3971",
    "datePublished": "2022-04-22T20:30:38.000Z",
    "dateReserved": "2021-11-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3972 (GCVE-0-2021-3972)

Vulnerability from cvelistv5 – Published: 2022-04-22 20:30 – Updated: 2024-08-03 17:09
Summary
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Impacted products
Vendor Product Version
Lenovo Notebook BIOS Affected: various
Credits
Lenovo thanks Martin Smolár from ESET for reporting this issue.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Notebook BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices\u0027 BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489 Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-22T20:30:40.000Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
        }
      ],
      "source": {
        "advisory": "LEN-73440",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2021-3972",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Notebook BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "various"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices\u0027 BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489 Leftover Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-73440",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
          }
        ],
        "source": {
          "advisory": "LEN-73440",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2021-3972",
    "datePublished": "2022-04-22T20:30:40.000Z",
    "dateReserved": "2021-11-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-40419 (GCVE-0-2021-40419)

Vulnerability from cvelistv5 – Published: 2022-01-28 19:10 – Updated: 2025-04-15 19:21
Summary
A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:10.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-40419",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:21:29.939766Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T19:21:23.683Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A firmware update vulnerability exists in the \u0027factory\u0027 binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-28T19:10:07.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-40419",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A firmware update vulnerability exists in the \u0027factory\u0027 binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 10,
            "baseSeverity": null,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489: Leftover Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1428"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-40419",
    "datePublished": "2022-01-28T19:10:07.000Z",
    "dateReserved": "2021-09-01T00:00:00.000Z",
    "dateUpdated": "2025-04-15T19:21:23.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-20649 (GCVE-0-2022-20649)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:59 – Updated: 2024-11-15 19:41
Title
Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability
Summary
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impacted products
Vendor Product Version
Cisco Cisco Redundancy Configuration Manager Affected: 2021.02.0
Affected: 2021.01.0
Affected: 21.19.n13
Affected: 21.17.19
Affected: 21.18.24
Affected: 21.25.0
Affected: 21.15.60
Affected: 21.22.11
Affected: 21.20.25
Affected: 21.20.21
Affected: 21.24.2
Affected: 21.23.10
Affected: 21.22.n5
Affected: 21.15.57
Affected: 21.25.1
Affected: 21.18.21
Affected: 21.23.1
Affected: 21.19.11
Affected: 21.16.c16
Affected: 21.23.5
Affected: 21.22.4
Affected: 21.22.ua2
Affected: 21.23.n6
Affected: 21.17.18
Affected: 21.17.17
Affected: 21.21.KS2
Affected: 21.20.23
Affected: 21.20.15
Affected: 21.20.p9
Affected: 21.20.17
Affected: 21.20.14
Affected: 21.21.3
Affected: 21.19.n9
Affected: 21.23.0
Affected: 21.5.30
Affected: 21.22.n4
Affected: 21.20.12
Affected: 21.23.b2
Affected: 21.20.13
Affected: 21.18.22
Affected: 21.18.23
Affected: 21.20.24
Affected: 21.23.6
Affected: 21.21.1
Affected: 21.23.8
Affected: 21.11.20
Affected: 21.15.58
Affected: 21.24.0
Affected: 21.18.18
Affected: 21.20.u8
Affected: 21.18.19
Affected: 21.21.2
Affected: 21.22.2
Affected: 21.22.8
Affected: 21.22.uj3
Affected: 21.22.5
Affected: 21.22.3
Affected: 21.22.10
Affected: 21.18.20
Affected: 21.15.55
Affected: 21.12.22
Affected: 21.23.4
Affected: 21.15.59
Affected: 21.22.ua0
Affected: 21.20.16
Affected: 21.20.18
Affected: 21.20.19
Affected: 21.19.n7
Affected: 21.20.20
Affected: 21.19.n10
Affected: 21.19.n11
Affected: 21.22.7
Affected: 21.22.ua3
Affected: 21.19.n12
Affected: 21.23.9
Affected: 21.18.16
Affected: 21.16.10
Affected: 21.22.6
Affected: 21.18.17
Affected: 21.24.1
Affected: 21.11.21
Affected: 21.23.3
Affected: 21.9.13
Affected: 21.20.k8
Affected: 21.19.n8
Affected: 21.22.9
Affected: 21.16.c17
Affected: 21.16.9
Affected: 21.23.2
Affected: 21.20.22
Affected: 21.18.7
Affected: 21.19.6
Affected: 21.23.7
Affected: 21.11.16
Affected: 21.18.13
Affected: 21.15.47
Affected: 21.19.n6
Affected: 6.9.8
Affected: 21.20.k6
Affected: 21.20.6
Affected: 21.19.10
Affected: 21.19.n4
Affected: 21.15.46
Affected: 21.17.14
Affected: 21.15.52
Affected: 21.16.6
Affected: 21.22.n3
Affected: 21.15.54
Affected: 21.18.15
Affected: 21.18.11
Affected: 21.18.8
Affected: 21.12.20
Affected: 21.5.28
Affected: 21.20.11
Affected: 21.8.12
Affected: 21.19.7
Affected: 21.19.5
Affected: 21.11.19
Affected: 21.16.c15
Affected: 21.18.12
Affected: 21.15.51
Affected: 21.18.14
Affected: 21.11.15
Affected: 21.16.c14
Affected: 21.20.4
Affected: 21.20.7
Affected: 21.14.b22
Affected: 21.17.10
Affected: 21.12.21
Affected: 21.19.9
Affected: 21.13.21
Affected: 21.14.23
Affected: 21.20.UV0
Affected: 21.10.6
Affected: 21.15.45
Affected: 21.15.53
Affected: 21.17.15
Affected: 21.17.16
Affected: 6.14.2
Affected: 21.19.n3
Affected: 21.17.11
Affected: 21.21.0
Affected: 21.20.10
Affected: 21.20.3
Affected: 21.20.5
Affected: 21.16.7
Affected: 21.22.1
Affected: 21.17.9
Affected: 21.17.13
Affected: 21.20.2
Affected: 21.20.9
Affected: 21.5.27
Affected: 21.14.22
Affected: 21.19.8
Affected: 21.22.n2
Affected: 21.16.8
Affected: 21.11.17
Affected: 21.20.8
Affected: 21.20.k7
Affected: 21.18.9
Affected: 21.19.n5
Affected: 21.11.18
Affected: 21.5.29
Affected: 21.15.48
Affected: 21.22.0
Affected: 21.14.b19
Affected: 21.15.17
Affected: 21.16.c4
Affected: 21.19.2
Affected: 6.2.b17
Affected: 6.9.7
Affected: 21.16.c6
Affected: 21.17.8
Affected: 21.11.13
Affected: 21.12.19
Affected: 21.12.18
Affected: 21.6.15
Affected: 21.20.0
Affected: 6.13.EY2
Affected: 21.15.36
Affected: 21.15.21
Affected: 21.15.43
Affected: 6.14.0
Affected: 21.14.b15
Affected: 21.15.14
Affected: 21.15.15
Affected: 21.16.c7
Affected: 21.16.c3
Affected: 6.13.EY1
Affected: 21.15.13
Affected: 21.12.15
Affected: 21.5.25
Affected: 21.14.b12
Affected: 21.18.6
Affected: 21.19.4
Affected: 21.17.3
Affected: 21.16.c5
Affected: 21.14.b21
Affected: 21.18.1
Affected: 6.11.0
Affected: 21.14.17
Affected: 21.5.26
Affected: 21.14.b13
Affected: 21.14.b16
Affected: 21.15.22
Affected: 21.15.23
Affected: 21.16.3
Affected: 21.16.c10
Affected: 21.16.d1
Affected: 21.15.28
Affected: 21.11.11
Affected: 21.15.30
Affected: 21.15.29
Affected: 21.13.18
Affected: 21.12.16
Affected: 21.17.5
Affected: 21.14.b18
Affected: 21.14.RH0
Affected: 21.14.b14
Affected: 6.6.7
Affected: 21.15.20
Affected: 21.15.32
Affected: 21.14.18
Affected: 21.6.b25
Affected: 21.17.2
Affected: 6.2.b15
Affected: 21.15.33
Affected: 21.13.19
Affected: 6.2.b14
Affected: 21.19.n1
Affected: 21.19.1
Affected: 21.19.0
Affected: 21.6.b26
Affected: 6.2.b16
Affected: 21.11.12
Affected: 21.18.3
Affected: 21.17.7
Affected: 21.14.12
Affected: 21.19.n2
Affected: 21.16.c11
Affected: 21.16.c12
Affected: 6.10.0
Affected: 21.16.4
Affected: 6.13.0
Affected: 21.13.16
Affected: 21.16.c13
Affected: 21.17.1
Affected: 21.17.6
Affected: 21.12.17
Affected: 21.11.10
Affected: 21.20.SV1
Affected: 21.11.14
Affected: 6.11.1
Affected: 21.17.0
Affected: 21.9.12
Affected: 21.20.1
Affected: 21.14.19
Affected: 21.14.c3
Affected: 21.15.18
Affected: 21.15.19
Affected: 21.15.16
Affected: 21.15.39
Affected: 6.6.6
Affected: 21.14.11
Affected: 21.14.b17
Affected: 21.14.16
Affected: 21.15.24
Affected: 21.6.b24
Affected: 21.16.c9
Affected: 21.16.c8
Affected: 6.8.1
Affected: 21.15.27
Affected: 21.15.26
Affected: 21.15.25
Affected: 21.17.4
Affected: 21.13.17
Affected: 6.9.5
Affected: 21.18.5
Affected: 21.15.40
Affected: 6.12.0
Affected: 21.18.2
Affected: 21.12.14
Affected: 21.16.d0
Affected: 21.14.20
Affected: 21.18.0
Affected: 21.15.37
Affected: 21.15.41
Affected: 21.18.4
Affected: 21.20.SV2
Affected: 21.20.SV3
Affected: 21.16.5
Affected: 21.20.SV5
Affected: 5.1.15
Affected: 21.19.3
Affected: 21.13.20
Affected: 21.14.b20
Affected: 21.15.7
Affected: 21.13.15
Affected: 21.15.11
Affected: 21.15.9
Affected: 21.15.0
Affected: 21.10.4
Affected: 21.12.12
Affected: 21.12.4
Affected: 21.12.8
Affected: 21.15.5
Affected: 21.13.8
Affected: 21.8.10
Affected: 21.14.6
Affected: 21.15.1
Affected: 21.8.11
Affected: 21.4.16
Affected: 21.9.11
Affected: 21.16.c0
Affected: 21.13.14
Affected: 21.13.4
Affected: 21.14.7
Affected: 21.14.8
Affected: 21.9.8
Affected: 21.16.c2
Affected: 21.15.10
Affected: 21.15.2
Affected: 21.15.6
Affected: 6.7.0
Affected: 21.13.6
Affected: 21.9.10
Affected: 21.14.1
Affected: 21.7.13
Affected: 21.11.8
Affected: 21.14.2
Affected: 21.14.0
Affected: 21.12.10
Affected: 21.9.9
Affected: 21.13.5
Affected: 21.13.2
Affected: 21.13.9
Affected: 21.13.10
Affected: 21.12.5
Affected: 21.12.9
Affected: 21.5.23
Affected: 21.14.10
Affected: 21.14.c2
Affected: 21.14.9
Affected: 21.11.6
Affected: 21.5.20
Affected: 21.13.12
Affected: 21.15.12
Affected: 6.9.2
Affected: 21.15.4
Affected: 21.13.11
Affected: 21.13.7
Affected: 21.10.5
Affected: 21.6.b19
Affected: 21.6.b23
Affected: 21.13.0
Affected: 21.6.14
Affected: 21.13.13
Affected: 21.4.17
Affected: 21.11.9
Affected: 21.11.2
Affected: 21.15.8
Affected: 21.16.2
Affected: 21.16.1
Affected: 21.16.c1
Affected: 21.5.21
Affected: 21.11.4
Affected: 21.6.b21
Affected: 21.14.a5
Affected: 21.10.3
Affected: 21.11.5
Affected: 21.13.3
Affected: 21.5.22
Affected: 21.12.7
Affected: 21.12.13
Affected: 21.12.6
Affected: 21.5.19
Affected: 21.6.b22
Affected: 21.11.7
Affected: 21.13.1
Affected: 21.14.a0
Affected: 21.14.4
Affected: 21.14.5
Affected: 21.5.24
Affected: 21.14.3
Affected: 21.16.0
Affected: 21.6.b20
Affected: 21.7.5
Affected: 21.15.3
Affected: 21.6.12
Affected: 21.8.5
Affected: 21.9.7
Affected: 21.12.11
Affected: 21.12.2
Affected: 6.2.b6
Affected: 21.8.4
Affected: 6.2.b5
Affected: 21.5.15
Affected: 21.8.1
Affected: 21.4.13
Affected: 21.10.0
Affected: 21.5.13
Affected: 21.9.0
Affected: 21.9.4
Affected: 21.4.9
Affected: 21.4.12
Affected: 21.11.3
Affected: 21.5.16
Affected: 21.7.9
Affected: 6.5.0
Affected: 21.4.8
Affected: 21.6.8
Affected: 21.6.5
Affected: 21.8.3
Affected: 21.6.10
Affected: 21.6.4
Affected: 21.7.8
Affected: 21.4.15
Affected: 21.4.11
Affected: 21.8.6
Affected: 21.8.ca1
Affected: 21.9.6
Affected: 21.4.7
Affected: 21.11.0
Affected: 21.11.1
Affected: 21.5.7
Affected: 6.2.b4
Affected: 21.7.7
Affected: 21.6.b14
Affected: 21.6.b13
Affected: 21.6.b15
Affected: 21.7.6
Affected: 21.6.6
Affected: 21.9.5
Affected: 21.5.9
Affected: 21.5.14
Affected: 21.8.8
Affected: 21.5.12
Affected: 21.8.0
Affected: 21.5.8
Affected: 21.7.10
Affected: 6.2.5
Affected: 21.8.9
Affected: 6.4.0
Affected: 21.6.b17
Affected: 21.6.b16
Affected: 21.6.11
Affected: 21.10.1
Affected: 21.4.10
Affected: 21.4.14
Affected: 21.6.9
Affected: 21.6.7
Affected: 21.12.3
Affected: 21.9.1
Affected: 21.9.2
Affected: 21.12.0
Affected: 21.7.12
Affected: 21.10.2
Affected: 21.8.7
Affected: 21.8.2
Affected: 21.5.6
Affected: 21.5.10
Affected: 21.6.13
Affected: 21.6.b18
Affected: 21.7.11
Affected: 21.7.1
Affected: 21.9.3
Affected: 21.7.0
Affected: 21.5.11
Affected: 21.5.17
Affected: 21.5.4
Affected: 21.7.3
Affected: 21.4.1
Affected: 21.4.3
Affected: 21.7.2
Affected: 21.4.5
Affected: 21.5.2
Affected: 21.6.3
Affected: 21.6.0
Affected: 21.6.2
Affected: 21.5.5
Affected: 21.4.6
Affected: 21.4.0
Affected: 21.4.2
Affected: 21.4.4
Affected: 21.7.4
Affected: 21.5.0
Affected: 21.5.1
Affected: 21.6.1
Affected: 21.5.3
Affected: 21.19.n14
Affected: 21.25.3
Affected: 21.23.11
Affected: 21.23.b3
Affected: 21.20.c22
Affected: 21.20.27
Affected: 21.23.n7
Affected: 21.20.26
Affected: 21.23.12
Affected: 21.20.28
Affected: 21.22.ua5

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:redundancy_configuration_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "redundancy_configuration_manager",
            "vendor": "cisco",
            "versions": [
              {
                "lessThan": "21.25.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20649",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T19:40:41.090546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T19:41:58.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Redundancy Configuration Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2021.02.0"
            },
            {
              "status": "affected",
              "version": "2021.01.0"
            },
            {
              "status": "affected",
              "version": "21.19.n13"
            },
            {
              "status": "affected",
              "version": "21.17.19"
            },
            {
              "status": "affected",
              "version": "21.18.24"
            },
            {
              "status": "affected",
              "version": "21.25.0"
            },
            {
              "status": "affected",
              "version": "21.15.60"
            },
            {
              "status": "affected",
              "version": "21.22.11"
            },
            {
              "status": "affected",
              "version": "21.20.25"
            },
            {
              "status": "affected",
              "version": "21.20.21"
            },
            {
              "status": "affected",
              "version": "21.24.2"
            },
            {
              "status": "affected",
              "version": "21.23.10"
            },
            {
              "status": "affected",
              "version": "21.22.n5"
            },
            {
              "status": "affected",
              "version": "21.15.57"
            },
            {
              "status": "affected",
              "version": "21.25.1"
            },
            {
              "status": "affected",
              "version": "21.18.21"
            },
            {
              "status": "affected",
              "version": "21.23.1"
            },
            {
              "status": "affected",
              "version": "21.19.11"
            },
            {
              "status": "affected",
              "version": "21.16.c16"
            },
            {
              "status": "affected",
              "version": "21.23.5"
            },
            {
              "status": "affected",
              "version": "21.22.4"
            },
            {
              "status": "affected",
              "version": "21.22.ua2"
            },
            {
              "status": "affected",
              "version": "21.23.n6"
            },
            {
              "status": "affected",
              "version": "21.17.18"
            },
            {
              "status": "affected",
              "version": "21.17.17"
            },
            {
              "status": "affected",
              "version": "21.21.KS2"
            },
            {
              "status": "affected",
              "version": "21.20.23"
            },
            {
              "status": "affected",
              "version": "21.20.15"
            },
            {
              "status": "affected",
              "version": "21.20.p9"
            },
            {
              "status": "affected",
              "version": "21.20.17"
            },
            {
              "status": "affected",
              "version": "21.20.14"
            },
            {
              "status": "affected",
              "version": "21.21.3"
            },
            {
              "status": "affected",
              "version": "21.19.n9"
            },
            {
              "status": "affected",
              "version": "21.23.0"
            },
            {
              "status": "affected",
              "version": "21.5.30"
            },
            {
              "status": "affected",
              "version": "21.22.n4"
            },
            {
              "status": "affected",
              "version": "21.20.12"
            },
            {
              "status": "affected",
              "version": "21.23.b2"
            },
            {
              "status": "affected",
              "version": "21.20.13"
            },
            {
              "status": "affected",
              "version": "21.18.22"
            },
            {
              "status": "affected",
              "version": "21.18.23"
            },
            {
              "status": "affected",
              "version": "21.20.24"
            },
            {
              "status": "affected",
              "version": "21.23.6"
            },
            {
              "status": "affected",
              "version": "21.21.1"
            },
            {
              "status": "affected",
              "version": "21.23.8"
            },
            {
              "status": "affected",
              "version": "21.11.20"
            },
            {
              "status": "affected",
              "version": "21.15.58"
            },
            {
              "status": "affected",
              "version": "21.24.0"
            },
            {
              "status": "affected",
              "version": "21.18.18"
            },
            {
              "status": "affected",
              "version": "21.20.u8"
            },
            {
              "status": "affected",
              "version": "21.18.19"
            },
            {
              "status": "affected",
              "version": "21.21.2"
            },
            {
              "status": "affected",
              "version": "21.22.2"
            },
            {
              "status": "affected",
              "version": "21.22.8"
            },
            {
              "status": "affected",
              "version": "21.22.uj3"
            },
            {
              "status": "affected",
              "version": "21.22.5"
            },
            {
              "status": "affected",
              "version": "21.22.3"
            },
            {
              "status": "affected",
              "version": "21.22.10"
            },
            {
              "status": "affected",
              "version": "21.18.20"
            },
            {
              "status": "affected",
              "version": "21.15.55"
            },
            {
              "status": "affected",
              "version": "21.12.22"
            },
            {
              "status": "affected",
              "version": "21.23.4"
            },
            {
              "status": "affected",
              "version": "21.15.59"
            },
            {
              "status": "affected",
              "version": "21.22.ua0"
            },
            {
              "status": "affected",
              "version": "21.20.16"
            },
            {
              "status": "affected",
              "version": "21.20.18"
            },
            {
              "status": "affected",
              "version": "21.20.19"
            },
            {
              "status": "affected",
              "version": "21.19.n7"
            },
            {
              "status": "affected",
              "version": "21.20.20"
            },
            {
              "status": "affected",
              "version": "21.19.n10"
            },
            {
              "status": "affected",
              "version": "21.19.n11"
            },
            {
              "status": "affected",
              "version": "21.22.7"
            },
            {
              "status": "affected",
              "version": "21.22.ua3"
            },
            {
              "status": "affected",
              "version": "21.19.n12"
            },
            {
              "status": "affected",
              "version": "21.23.9"
            },
            {
              "status": "affected",
              "version": "21.18.16"
            },
            {
              "status": "affected",
              "version": "21.16.10"
            },
            {
              "status": "affected",
              "version": "21.22.6"
            },
            {
              "status": "affected",
              "version": "21.18.17"
            },
            {
              "status": "affected",
              "version": "21.24.1"
            },
            {
              "status": "affected",
              "version": "21.11.21"
            },
            {
              "status": "affected",
              "version": "21.23.3"
            },
            {
              "status": "affected",
              "version": "21.9.13"
            },
            {
              "status": "affected",
              "version": "21.20.k8"
            },
            {
              "status": "affected",
              "version": "21.19.n8"
            },
            {
              "status": "affected",
              "version": "21.22.9"
            },
            {
              "status": "affected",
              "version": "21.16.c17"
            },
            {
              "status": "affected",
              "version": "21.16.9"
            },
            {
              "status": "affected",
              "version": "21.23.2"
            },
            {
              "status": "affected",
              "version": "21.20.22"
            },
            {
              "status": "affected",
              "version": "21.18.7"
            },
            {
              "status": "affected",
              "version": "21.19.6"
            },
            {
              "status": "affected",
              "version": "21.23.7"
            },
            {
              "status": "affected",
              "version": "21.11.16"
            },
            {
              "status": "affected",
              "version": "21.18.13"
            },
            {
              "status": "affected",
              "version": "21.15.47"
            },
            {
              "status": "affected",
              "version": "21.19.n6"
            },
            {
              "status": "affected",
              "version": "6.9.8"
            },
            {
              "status": "affected",
              "version": "21.20.k6"
            },
            {
              "status": "affected",
              "version": "21.20.6"
            },
            {
              "status": "affected",
              "version": "21.19.10"
            },
            {
              "status": "affected",
              "version": "21.19.n4"
            },
            {
              "status": "affected",
              "version": "21.15.46"
            },
            {
              "status": "affected",
              "version": "21.17.14"
            },
            {
              "status": "affected",
              "version": "21.15.52"
            },
            {
              "status": "affected",
              "version": "21.16.6"
            },
            {
              "status": "affected",
              "version": "21.22.n3"
            },
            {
              "status": "affected",
              "version": "21.15.54"
            },
            {
              "status": "affected",
              "version": "21.18.15"
            },
            {
              "status": "affected",
              "version": "21.18.11"
            },
            {
              "status": "affected",
              "version": "21.18.8"
            },
            {
              "status": "affected",
              "version": "21.12.20"
            },
            {
              "status": "affected",
              "version": "21.5.28"
            },
            {
              "status": "affected",
              "version": "21.20.11"
            },
            {
              "status": "affected",
              "version": "21.8.12"
            },
            {
              "status": "affected",
              "version": "21.19.7"
            },
            {
              "status": "affected",
              "version": "21.19.5"
            },
            {
              "status": "affected",
              "version": "21.11.19"
            },
            {
              "status": "affected",
              "version": "21.16.c15"
            },
            {
              "status": "affected",
              "version": "21.18.12"
            },
            {
              "status": "affected",
              "version": "21.15.51"
            },
            {
              "status": "affected",
              "version": "21.18.14"
            },
            {
              "status": "affected",
              "version": "21.11.15"
            },
            {
              "status": "affected",
              "version": "21.16.c14"
            },
            {
              "status": "affected",
              "version": "21.20.4"
            },
            {
              "status": "affected",
              "version": "21.20.7"
            },
            {
              "status": "affected",
              "version": "21.14.b22"
            },
            {
              "status": "affected",
              "version": "21.17.10"
            },
            {
              "status": "affected",
              "version": "21.12.21"
            },
            {
              "status": "affected",
              "version": "21.19.9"
            },
            {
              "status": "affected",
              "version": "21.13.21"
            },
            {
              "status": "affected",
              "version": "21.14.23"
            },
            {
              "status": "affected",
              "version": "21.20.UV0"
            },
            {
              "status": "affected",
              "version": "21.10.6"
            },
            {
              "status": "affected",
              "version": "21.15.45"
            },
            {
              "status": "affected",
              "version": "21.15.53"
            },
            {
              "status": "affected",
              "version": "21.17.15"
            },
            {
              "status": "affected",
              "version": "21.17.16"
            },
            {
              "status": "affected",
              "version": "6.14.2"
            },
            {
              "status": "affected",
              "version": "21.19.n3"
            },
            {
              "status": "affected",
              "version": "21.17.11"
            },
            {
              "status": "affected",
              "version": "21.21.0"
            },
            {
              "status": "affected",
              "version": "21.20.10"
            },
            {
              "status": "affected",
              "version": "21.20.3"
            },
            {
              "status": "affected",
              "version": "21.20.5"
            },
            {
              "status": "affected",
              "version": "21.16.7"
            },
            {
              "status": "affected",
              "version": "21.22.1"
            },
            {
              "status": "affected",
              "version": "21.17.9"
            },
            {
              "status": "affected",
              "version": "21.17.13"
            },
            {
              "status": "affected",
              "version": "21.20.2"
            },
            {
              "status": "affected",
              "version": "21.20.9"
            },
            {
              "status": "affected",
              "version": "21.5.27"
            },
            {
              "status": "affected",
              "version": "21.14.22"
            },
            {
              "status": "affected",
              "version": "21.19.8"
            },
            {
              "status": "affected",
              "version": "21.22.n2"
            },
            {
              "status": "affected",
              "version": "21.16.8"
            },
            {
              "status": "affected",
              "version": "21.11.17"
            },
            {
              "status": "affected",
              "version": "21.20.8"
            },
            {
              "status": "affected",
              "version": "21.20.k7"
            },
            {
              "status": "affected",
              "version": "21.18.9"
            },
            {
              "status": "affected",
              "version": "21.19.n5"
            },
            {
              "status": "affected",
              "version": "21.11.18"
            },
            {
              "status": "affected",
              "version": "21.5.29"
            },
            {
              "status": "affected",
              "version": "21.15.48"
            },
            {
              "status": "affected",
              "version": "21.22.0"
            },
            {
              "status": "affected",
              "version": "21.14.b19"
            },
            {
              "status": "affected",
              "version": "21.15.17"
            },
            {
              "status": "affected",
              "version": "21.16.c4"
            },
            {
              "status": "affected",
              "version": "21.19.2"
            },
            {
              "status": "affected",
              "version": "6.2.b17"
            },
            {
              "status": "affected",
              "version": "6.9.7"
            },
            {
              "status": "affected",
              "version": "21.16.c6"
            },
            {
              "status": "affected",
              "version": "21.17.8"
            },
            {
              "status": "affected",
              "version": "21.11.13"
            },
            {
              "status": "affected",
              "version": "21.12.19"
            },
            {
              "status": "affected",
              "version": "21.12.18"
            },
            {
              "status": "affected",
              "version": "21.6.15"
            },
            {
              "status": "affected",
              "version": "21.20.0"
            },
            {
              "status": "affected",
              "version": "6.13.EY2"
            },
            {
              "status": "affected",
              "version": "21.15.36"
            },
            {
              "status": "affected",
              "version": "21.15.21"
            },
            {
              "status": "affected",
              "version": "21.15.43"
            },
            {
              "status": "affected",
              "version": "6.14.0"
            },
            {
              "status": "affected",
              "version": "21.14.b15"
            },
            {
              "status": "affected",
              "version": "21.15.14"
            },
            {
              "status": "affected",
              "version": "21.15.15"
            },
            {
              "status": "affected",
              "version": "21.16.c7"
            },
            {
              "status": "affected",
              "version": "21.16.c3"
            },
            {
              "status": "affected",
              "version": "6.13.EY1"
            },
            {
              "status": "affected",
              "version": "21.15.13"
            },
            {
              "status": "affected",
              "version": "21.12.15"
            },
            {
              "status": "affected",
              "version": "21.5.25"
            },
            {
              "status": "affected",
              "version": "21.14.b12"
            },
            {
              "status": "affected",
              "version": "21.18.6"
            },
            {
              "status": "affected",
              "version": "21.19.4"
            },
            {
              "status": "affected",
              "version": "21.17.3"
            },
            {
              "status": "affected",
              "version": "21.16.c5"
            },
            {
              "status": "affected",
              "version": "21.14.b21"
            },
            {
              "status": "affected",
              "version": "21.18.1"
            },
            {
              "status": "affected",
              "version": "6.11.0"
            },
            {
              "status": "affected",
              "version": "21.14.17"
            },
            {
              "status": "affected",
              "version": "21.5.26"
            },
            {
              "status": "affected",
              "version": "21.14.b13"
            },
            {
              "status": "affected",
              "version": "21.14.b16"
            },
            {
              "status": "affected",
              "version": "21.15.22"
            },
            {
              "status": "affected",
              "version": "21.15.23"
            },
            {
              "status": "affected",
              "version": "21.16.3"
            },
            {
              "status": "affected",
              "version": "21.16.c10"
            },
            {
              "status": "affected",
              "version": "21.16.d1"
            },
            {
              "status": "affected",
              "version": "21.15.28"
            },
            {
              "status": "affected",
              "version": "21.11.11"
            },
            {
              "status": "affected",
              "version": "21.15.30"
            },
            {
              "status": "affected",
              "version": "21.15.29"
            },
            {
              "status": "affected",
              "version": "21.13.18"
            },
            {
              "status": "affected",
              "version": "21.12.16"
            },
            {
              "status": "affected",
              "version": "21.17.5"
            },
            {
              "status": "affected",
              "version": "21.14.b18"
            },
            {
              "status": "affected",
              "version": "21.14.RH0"
            },
            {
              "status": "affected",
              "version": "21.14.b14"
            },
            {
              "status": "affected",
              "version": "6.6.7"
            },
            {
              "status": "affected",
              "version": "21.15.20"
            },
            {
              "status": "affected",
              "version": "21.15.32"
            },
            {
              "status": "affected",
              "version": "21.14.18"
            },
            {
              "status": "affected",
              "version": "21.6.b25"
            },
            {
              "status": "affected",
              "version": "21.17.2"
            },
            {
              "status": "affected",
              "version": "6.2.b15"
            },
            {
              "status": "affected",
              "version": "21.15.33"
            },
            {
              "status": "affected",
              "version": "21.13.19"
            },
            {
              "status": "affected",
              "version": "6.2.b14"
            },
            {
              "status": "affected",
              "version": "21.19.n1"
            },
            {
              "status": "affected",
              "version": "21.19.1"
            },
            {
              "status": "affected",
              "version": "21.19.0"
            },
            {
              "status": "affected",
              "version": "21.6.b26"
            },
            {
              "status": "affected",
              "version": "6.2.b16"
            },
            {
              "status": "affected",
              "version": "21.11.12"
            },
            {
              "status": "affected",
              "version": "21.18.3"
            },
            {
              "status": "affected",
              "version": "21.17.7"
            },
            {
              "status": "affected",
              "version": "21.14.12"
            },
            {
              "status": "affected",
              "version": "21.19.n2"
            },
            {
              "status": "affected",
              "version": "21.16.c11"
            },
            {
              "status": "affected",
              "version": "21.16.c12"
            },
            {
              "status": "affected",
              "version": "6.10.0"
            },
            {
              "status": "affected",
              "version": "21.16.4"
            },
            {
              "status": "affected",
              "version": "6.13.0"
            },
            {
              "status": "affected",
              "version": "21.13.16"
            },
            {
              "status": "affected",
              "version": "21.16.c13"
            },
            {
              "status": "affected",
              "version": "21.17.1"
            },
            {
              "status": "affected",
              "version": "21.17.6"
            },
            {
              "status": "affected",
              "version": "21.12.17"
            },
            {
              "status": "affected",
              "version": "21.11.10"
            },
            {
              "status": "affected",
              "version": "21.20.SV1"
            },
            {
              "status": "affected",
              "version": "21.11.14"
            },
            {
              "status": "affected",
              "version": "6.11.1"
            },
            {
              "status": "affected",
              "version": "21.17.0"
            },
            {
              "status": "affected",
              "version": "21.9.12"
            },
            {
              "status": "affected",
              "version": "21.20.1"
            },
            {
              "status": "affected",
              "version": "21.14.19"
            },
            {
              "status": "affected",
              "version": "21.14.c3"
            },
            {
              "status": "affected",
              "version": "21.15.18"
            },
            {
              "status": "affected",
              "version": "21.15.19"
            },
            {
              "status": "affected",
              "version": "21.15.16"
            },
            {
              "status": "affected",
              "version": "21.15.39"
            },
            {
              "status": "affected",
              "version": "6.6.6"
            },
            {
              "status": "affected",
              "version": "21.14.11"
            },
            {
              "status": "affected",
              "version": "21.14.b17"
            },
            {
              "status": "affected",
              "version": "21.14.16"
            },
            {
              "status": "affected",
              "version": "21.15.24"
            },
            {
              "status": "affected",
              "version": "21.6.b24"
            },
            {
              "status": "affected",
              "version": "21.16.c9"
            },
            {
              "status": "affected",
              "version": "21.16.c8"
            },
            {
              "status": "affected",
              "version": "6.8.1"
            },
            {
              "status": "affected",
              "version": "21.15.27"
            },
            {
              "status": "affected",
              "version": "21.15.26"
            },
            {
              "status": "affected",
              "version": "21.15.25"
            },
            {
              "status": "affected",
              "version": "21.17.4"
            },
            {
              "status": "affected",
              "version": "21.13.17"
            },
            {
              "status": "affected",
              "version": "6.9.5"
            },
            {
              "status": "affected",
              "version": "21.18.5"
            },
            {
              "status": "affected",
              "version": "21.15.40"
            },
            {
              "status": "affected",
              "version": "6.12.0"
            },
            {
              "status": "affected",
              "version": "21.18.2"
            },
            {
              "status": "affected",
              "version": "21.12.14"
            },
            {
              "status": "affected",
              "version": "21.16.d0"
            },
            {
              "status": "affected",
              "version": "21.14.20"
            },
            {
              "status": "affected",
              "version": "21.18.0"
            },
            {
              "status": "affected",
              "version": "21.15.37"
            },
            {
              "status": "affected",
              "version": "21.15.41"
            },
            {
              "status": "affected",
              "version": "21.18.4"
            },
            {
              "status": "affected",
              "version": "21.20.SV2"
            },
            {
              "status": "affected",
              "version": "21.20.SV3"
            },
            {
              "status": "affected",
              "version": "21.16.5"
            },
            {
              "status": "affected",
              "version": "21.20.SV5"
            },
            {
              "status": "affected",
              "version": "5.1.15"
            },
            {
              "status": "affected",
              "version": "21.19.3"
            },
            {
              "status": "affected",
              "version": "21.13.20"
            },
            {
              "status": "affected",
              "version": "21.14.b20"
            },
            {
              "status": "affected",
              "version": "21.15.7"
            },
            {
              "status": "affected",
              "version": "21.13.15"
            },
            {
              "status": "affected",
              "version": "21.15.11"
            },
            {
              "status": "affected",
              "version": "21.15.9"
            },
            {
              "status": "affected",
              "version": "21.15.0"
            },
            {
              "status": "affected",
              "version": "21.10.4"
            },
            {
              "status": "affected",
              "version": "21.12.12"
            },
            {
              "status": "affected",
              "version": "21.12.4"
            },
            {
              "status": "affected",
              "version": "21.12.8"
            },
            {
              "status": "affected",
              "version": "21.15.5"
            },
            {
              "status": "affected",
              "version": "21.13.8"
            },
            {
              "status": "affected",
              "version": "21.8.10"
            },
            {
              "status": "affected",
              "version": "21.14.6"
            },
            {
              "status": "affected",
              "version": "21.15.1"
            },
            {
              "status": "affected",
              "version": "21.8.11"
            },
            {
              "status": "affected",
              "version": "21.4.16"
            },
            {
              "status": "affected",
              "version": "21.9.11"
            },
            {
              "status": "affected",
              "version": "21.16.c0"
            },
            {
              "status": "affected",
              "version": "21.13.14"
            },
            {
              "status": "affected",
              "version": "21.13.4"
            },
            {
              "status": "affected",
              "version": "21.14.7"
            },
            {
              "status": "affected",
              "version": "21.14.8"
            },
            {
              "status": "affected",
              "version": "21.9.8"
            },
            {
              "status": "affected",
              "version": "21.16.c2"
            },
            {
              "status": "affected",
              "version": "21.15.10"
            },
            {
              "status": "affected",
              "version": "21.15.2"
            },
            {
              "status": "affected",
              "version": "21.15.6"
            },
            {
              "status": "affected",
              "version": "6.7.0"
            },
            {
              "status": "affected",
              "version": "21.13.6"
            },
            {
              "status": "affected",
              "version": "21.9.10"
            },
            {
              "status": "affected",
              "version": "21.14.1"
            },
            {
              "status": "affected",
              "version": "21.7.13"
            },
            {
              "status": "affected",
              "version": "21.11.8"
            },
            {
              "status": "affected",
              "version": "21.14.2"
            },
            {
              "status": "affected",
              "version": "21.14.0"
            },
            {
              "status": "affected",
              "version": "21.12.10"
            },
            {
              "status": "affected",
              "version": "21.9.9"
            },
            {
              "status": "affected",
              "version": "21.13.5"
            },
            {
              "status": "affected",
              "version": "21.13.2"
            },
            {
              "status": "affected",
              "version": "21.13.9"
            },
            {
              "status": "affected",
              "version": "21.13.10"
            },
            {
              "status": "affected",
              "version": "21.12.5"
            },
            {
              "status": "affected",
              "version": "21.12.9"
            },
            {
              "status": "affected",
              "version": "21.5.23"
            },
            {
              "status": "affected",
              "version": "21.14.10"
            },
            {
              "status": "affected",
              "version": "21.14.c2"
            },
            {
              "status": "affected",
              "version": "21.14.9"
            },
            {
              "status": "affected",
              "version": "21.11.6"
            },
            {
              "status": "affected",
              "version": "21.5.20"
            },
            {
              "status": "affected",
              "version": "21.13.12"
            },
            {
              "status": "affected",
              "version": "21.15.12"
            },
            {
              "status": "affected",
              "version": "6.9.2"
            },
            {
              "status": "affected",
              "version": "21.15.4"
            },
            {
              "status": "affected",
              "version": "21.13.11"
            },
            {
              "status": "affected",
              "version": "21.13.7"
            },
            {
              "status": "affected",
              "version": "21.10.5"
            },
            {
              "status": "affected",
              "version": "21.6.b19"
            },
            {
              "status": "affected",
              "version": "21.6.b23"
            },
            {
              "status": "affected",
              "version": "21.13.0"
            },
            {
              "status": "affected",
              "version": "21.6.14"
            },
            {
              "status": "affected",
              "version": "21.13.13"
            },
            {
              "status": "affected",
              "version": "21.4.17"
            },
            {
              "status": "affected",
              "version": "21.11.9"
            },
            {
              "status": "affected",
              "version": "21.11.2"
            },
            {
              "status": "affected",
              "version": "21.15.8"
            },
            {
              "status": "affected",
              "version": "21.16.2"
            },
            {
              "status": "affected",
              "version": "21.16.1"
            },
            {
              "status": "affected",
              "version": "21.16.c1"
            },
            {
              "status": "affected",
              "version": "21.5.21"
            },
            {
              "status": "affected",
              "version": "21.11.4"
            },
            {
              "status": "affected",
              "version": "21.6.b21"
            },
            {
              "status": "affected",
              "version": "21.14.a5"
            },
            {
              "status": "affected",
              "version": "21.10.3"
            },
            {
              "status": "affected",
              "version": "21.11.5"
            },
            {
              "status": "affected",
              "version": "21.13.3"
            },
            {
              "status": "affected",
              "version": "21.5.22"
            },
            {
              "status": "affected",
              "version": "21.12.7"
            },
            {
              "status": "affected",
              "version": "21.12.13"
            },
            {
              "status": "affected",
              "version": "21.12.6"
            },
            {
              "status": "affected",
              "version": "21.5.19"
            },
            {
              "status": "affected",
              "version": "21.6.b22"
            },
            {
              "status": "affected",
              "version": "21.11.7"
            },
            {
              "status": "affected",
              "version": "21.13.1"
            },
            {
              "status": "affected",
              "version": "21.14.a0"
            },
            {
              "status": "affected",
              "version": "21.14.4"
            },
            {
              "status": "affected",
              "version": "21.14.5"
            },
            {
              "status": "affected",
              "version": "21.5.24"
            },
            {
              "status": "affected",
              "version": "21.14.3"
            },
            {
              "status": "affected",
              "version": "21.16.0"
            },
            {
              "status": "affected",
              "version": "21.6.b20"
            },
            {
              "status": "affected",
              "version": "21.7.5"
            },
            {
              "status": "affected",
              "version": "21.15.3"
            },
            {
              "status": "affected",
              "version": "21.6.12"
            },
            {
              "status": "affected",
              "version": "21.8.5"
            },
            {
              "status": "affected",
              "version": "21.9.7"
            },
            {
              "status": "affected",
              "version": "21.12.11"
            },
            {
              "status": "affected",
              "version": "21.12.2"
            },
            {
              "status": "affected",
              "version": "6.2.b6"
            },
            {
              "status": "affected",
              "version": "21.8.4"
            },
            {
              "status": "affected",
              "version": "6.2.b5"
            },
            {
              "status": "affected",
              "version": "21.5.15"
            },
            {
              "status": "affected",
              "version": "21.8.1"
            },
            {
              "status": "affected",
              "version": "21.4.13"
            },
            {
              "status": "affected",
              "version": "21.10.0"
            },
            {
              "status": "affected",
              "version": "21.5.13"
            },
            {
              "status": "affected",
              "version": "21.9.0"
            },
            {
              "status": "affected",
              "version": "21.9.4"
            },
            {
              "status": "affected",
              "version": "21.4.9"
            },
            {
              "status": "affected",
              "version": "21.4.12"
            },
            {
              "status": "affected",
              "version": "21.11.3"
            },
            {
              "status": "affected",
              "version": "21.5.16"
            },
            {
              "status": "affected",
              "version": "21.7.9"
            },
            {
              "status": "affected",
              "version": "6.5.0"
            },
            {
              "status": "affected",
              "version": "21.4.8"
            },
            {
              "status": "affected",
              "version": "21.6.8"
            },
            {
              "status": "affected",
              "version": "21.6.5"
            },
            {
              "status": "affected",
              "version": "21.8.3"
            },
            {
              "status": "affected",
              "version": "21.6.10"
            },
            {
              "status": "affected",
              "version": "21.6.4"
            },
            {
              "status": "affected",
              "version": "21.7.8"
            },
            {
              "status": "affected",
              "version": "21.4.15"
            },
            {
              "status": "affected",
              "version": "21.4.11"
            },
            {
              "status": "affected",
              "version": "21.8.6"
            },
            {
              "status": "affected",
              "version": "21.8.ca1"
            },
            {
              "status": "affected",
              "version": "21.9.6"
            },
            {
              "status": "affected",
              "version": "21.4.7"
            },
            {
              "status": "affected",
              "version": "21.11.0"
            },
            {
              "status": "affected",
              "version": "21.11.1"
            },
            {
              "status": "affected",
              "version": "21.5.7"
            },
            {
              "status": "affected",
              "version": "6.2.b4"
            },
            {
              "status": "affected",
              "version": "21.7.7"
            },
            {
              "status": "affected",
              "version": "21.6.b14"
            },
            {
              "status": "affected",
              "version": "21.6.b13"
            },
            {
              "status": "affected",
              "version": "21.6.b15"
            },
            {
              "status": "affected",
              "version": "21.7.6"
            },
            {
              "status": "affected",
              "version": "21.6.6"
            },
            {
              "status": "affected",
              "version": "21.9.5"
            },
            {
              "status": "affected",
              "version": "21.5.9"
            },
            {
              "status": "affected",
              "version": "21.5.14"
            },
            {
              "status": "affected",
              "version": "21.8.8"
            },
            {
              "status": "affected",
              "version": "21.5.12"
            },
            {
              "status": "affected",
              "version": "21.8.0"
            },
            {
              "status": "affected",
              "version": "21.5.8"
            },
            {
              "status": "affected",
              "version": "21.7.10"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "21.8.9"
            },
            {
              "status": "affected",
              "version": "6.4.0"
            },
            {
              "status": "affected",
              "version": "21.6.b17"
            },
            {
              "status": "affected",
              "version": "21.6.b16"
            },
            {
              "status": "affected",
              "version": "21.6.11"
            },
            {
              "status": "affected",
              "version": "21.10.1"
            },
            {
              "status": "affected",
              "version": "21.4.10"
            },
            {
              "status": "affected",
              "version": "21.4.14"
            },
            {
              "status": "affected",
              "version": "21.6.9"
            },
            {
              "status": "affected",
              "version": "21.6.7"
            },
            {
              "status": "affected",
              "version": "21.12.3"
            },
            {
              "status": "affected",
              "version": "21.9.1"
            },
            {
              "status": "affected",
              "version": "21.9.2"
            },
            {
              "status": "affected",
              "version": "21.12.0"
            },
            {
              "status": "affected",
              "version": "21.7.12"
            },
            {
              "status": "affected",
              "version": "21.10.2"
            },
            {
              "status": "affected",
              "version": "21.8.7"
            },
            {
              "status": "affected",
              "version": "21.8.2"
            },
            {
              "status": "affected",
              "version": "21.5.6"
            },
            {
              "status": "affected",
              "version": "21.5.10"
            },
            {
              "status": "affected",
              "version": "21.6.13"
            },
            {
              "status": "affected",
              "version": "21.6.b18"
            },
            {
              "status": "affected",
              "version": "21.7.11"
            },
            {
              "status": "affected",
              "version": "21.7.1"
            },
            {
              "status": "affected",
              "version": "21.9.3"
            },
            {
              "status": "affected",
              "version": "21.7.0"
            },
            {
              "status": "affected",
              "version": "21.5.11"
            },
            {
              "status": "affected",
              "version": "21.5.17"
            },
            {
              "status": "affected",
              "version": "21.5.4"
            },
            {
              "status": "affected",
              "version": "21.7.3"
            },
            {
              "status": "affected",
              "version": "21.4.1"
            },
            {
              "status": "affected",
              "version": "21.4.3"
            },
            {
              "status": "affected",
              "version": "21.7.2"
            },
            {
              "status": "affected",
              "version": "21.4.5"
            },
            {
              "status": "affected",
              "version": "21.5.2"
            },
            {
              "status": "affected",
              "version": "21.6.3"
            },
            {
              "status": "affected",
              "version": "21.6.0"
            },
            {
              "status": "affected",
              "version": "21.6.2"
            },
            {
              "status": "affected",
              "version": "21.5.5"
            },
            {
              "status": "affected",
              "version": "21.4.6"
            },
            {
              "status": "affected",
              "version": "21.4.0"
            },
            {
              "status": "affected",
              "version": "21.4.2"
            },
            {
              "status": "affected",
              "version": "21.4.4"
            },
            {
              "status": "affected",
              "version": "21.7.4"
            },
            {
              "status": "affected",
              "version": "21.5.0"
            },
            {
              "status": "affected",
              "version": "21.5.1"
            },
            {
              "status": "affected",
              "version": "21.6.1"
            },
            {
              "status": "affected",
              "version": "21.5.3"
            },
            {
              "status": "affected",
              "version": "21.19.n14"
            },
            {
              "status": "affected",
              "version": "21.25.3"
            },
            {
              "status": "affected",
              "version": "21.23.11"
            },
            {
              "status": "affected",
              "version": "21.23.b3"
            },
            {
              "status": "affected",
              "version": "21.20.c22"
            },
            {
              "status": "affected",
              "version": "21.20.27"
            },
            {
              "status": "affected",
              "version": "21.23.n7"
            },
            {
              "status": "affected",
              "version": "21.20.26"
            },
            {
              "status": "affected",
              "version": "21.23.12"
            },
            {
              "status": "affected",
              "version": "21.20.28"
            },
            {
              "status": "affected",
              "version": "21.22.ua5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco\u0026nbsp;RCM for Cisco\u0026nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges\u0026nbsp;in the context of the configured container.\r\n\r\nThis vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.\r\nThe attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "Active Debug Code",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:59:07.107Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-rcm-vuls-7cS3Nuq",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO"
        }
      ],
      "source": {
        "advisory": "cisco-sa-rcm-vuls-7cS3Nuq",
        "defects": [
          "CSCvy80878"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20649",
    "datePublished": "2024-11-15T15:59:07.107Z",
    "dateReserved": "2021-11-02T13:28:29.035Z",
    "dateUpdated": "2024-11-15T19:41:58.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25995 (GCVE-0-2022-25995)

Vulnerability from cvelistv5 – Published: 2022-05-12 17:01 – Updated: 2025-04-15 19:03
Summary
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
Date Public
2022-05-10 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:36.929Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25995",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:23:02.464060Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T19:03:12.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.4"
            }
          ]
        }
      ],
      "datePublic": "2022-05-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-12T17:01:36.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2022-05-10",
          "ID": "CVE-2022-25995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "InRouter302",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "V3.5.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "InHand Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.9,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-489: Leftover Debug Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-25995",
    "datePublished": "2022-05-12T17:01:36.120Z",
    "dateReserved": "2022-02-25T00:00:00.000Z",
    "dateUpdated": "2025-04-15T19:03:12.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26023 (GCVE-0-2022-26023)

Vulnerability from cvelistv5 – Published: 2022-11-09 17:35 – Updated: 2025-04-15 18:41
Summary
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
Date Public
2022-10-27 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1520"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26023",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T18:16:33.364504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T18:41:10.624Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "InRouter302",
          "vendor": "InHand Networks",
          "versions": [
            {
              "status": "affected",
              "version": "V3.5.45"
            }
          ]
        }
      ],
      "datePublic": "2022-10-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489: Leftover Debug Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-09T00:00:00.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"
        },
        {
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1520"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2022-26023",
    "datePublished": "2022-11-09T17:35:36.028Z",
    "dateReserved": "2022-05-13T00:00:00.000Z",
    "dateUpdated": "2025-04-15T18:41:10.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-27597 (GCVE-0-2022-27597)

Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-12 19:32
Title
QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)
Summary
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances). We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later; QuTS hero h5.0.1.2348 build 20230324 and later.
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: unspecified , < 5.0.1.2346 build 20230322 (custom)
QNAP Systems Inc. QuTS hero Affected: unspecified , < h5.0.1.2348 build 20230324 (custom)
Date Public
2023-03-30 00:00
Credits
Sternum LIV and Sternum team

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:58.345Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T19:32:36.172672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:32:39.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.0.1.2346 build 20230322",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.0.1.2348 build 20230324",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sternum LIV and Sternum team"
        }
      ],
      "datePublic": "2023-03-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1295",
              "description": "CWE-1295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-489",
              "description": "CWE-489",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-20T00:00:00.000Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-23-06"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2346 build 20230322 and later\nQuTS hero h5.0.1.2348 build 20230324 and later\n"
        }
      ],
      "source": {
        "advisory": "QSA-23-06",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2022-27597",
    "datePublished": "2023-03-29T00:00:00.000Z",
    "dateReserved": "2022-03-21T00:00:00.000Z",
    "dateUpdated": "2025-02-12T19:32:39.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phases: Build and Compilation, Distribution

Description:

  • Remove debug code before deploying the application.

CAPEC-121: Exploit Non-Production Interfaces

An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.

CAPEC-661: Root/Jailbreak Detection Evasion via Debugging

An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application's memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.
