All the vulnerabilites related to cisco - expressway_series
cve-2019-1722
Vulnerability from cvelistv5
Published
2019-04-18 00:20
Modified
2024-11-21 19:39
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrfvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/108006vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190417 Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrf"
          },
          {
            "name": "108006",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108006"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1722",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T18:59:34.489490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:39:59.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco TelePresence Video Communication Server (VCS)",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "X12.5.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-19T12:06:02",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190417 Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrf"
        },
        {
          "name": "108006",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108006"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190417-ex-vcs-xsrf",
        "defect": [
          [
            "CSCvn47520"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-04-17T16:00:00-0700",
          "ID": "CVE-2019-1722",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco TelePresence Video Communication Server (VCS)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "X12.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190417 Cisco Expressway Series and Cisco TelePresence Video Communication Server Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrf"
            },
            {
              "name": "108006",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108006"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190417-ex-vcs-xsrf",
          "defect": [
            [
              "CSCvn47520"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1722",
    "datePublished": "2019-04-18T00:20:13.260865Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-21T19:39:59.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-5390
Vulnerability from cvelistv5
Published
2018-08-06 20:00
Modified
2024-08-05 05:33
Severity ?
Summary
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
References
https://access.redhat.com/errata/RHSA-2018:2785vendor-advisory, x_refsource_REDHAT
https://www.kb.cert.org/vuls/id/962459third-party-advisory, x_refsource_CERT-VN
https://usn.ubuntu.com/3741-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2776vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2933vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2403vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2395vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3763-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2384vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3741-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2402vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2948vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3742-2/vendor-advisory, x_refsource_UBUNTU
http://www.securitytracker.com/id/1041434vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3732-2/vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/104976vdb-entry, x_refsource_BID
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.htmlmailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1041424vdb-entry, x_refsource_SECTRACK
https://usn.ubuntu.com/3742-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2924vendor-advisory, x_refsource_REDHAT
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcpvendor-advisory, x_refsource_CISCO
https://access.redhat.com/errata/RHSA-2018:2789vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4266vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:2645vendor-advisory, x_refsource_REDHAT
https://usn.ubuntu.com/3732-1/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:2791vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2790vendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2019/06/28/2mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/3mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/4mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180815-0003/x_refsource_CONFIRM
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txtx_refsource_CONFIRM
https://www.synology.com/support/security/Synology_SA_18_41x_refsource_CONFIRM
https://support.f5.com/csp/article/K95343321x_refsource_CONFIRM
https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmackx_refsource_CONFIRM
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72ex_refsource_CONFIRM
https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdfx_refsource_CONFIRM
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-enx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2785",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2785"
          },
          {
            "name": "VU#962459",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/962459"
          },
          {
            "name": "USN-3741-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-2/"
          },
          {
            "name": "RHSA-2018:2776",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2776"
          },
          {
            "name": "RHSA-2018:2933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2933"
          },
          {
            "name": "RHSA-2018:2403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2403"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "USN-3763-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3763-1/"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3741-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-1/"
          },
          {
            "name": "RHSA-2018:2402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2402"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "1041434",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041434"
          },
          {
            "name": "USN-3732-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3732-2/"
          },
          {
            "name": "104976",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104976"
          },
          {
            "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
          },
          {
            "name": "1041424",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041424"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:2924",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2924"
          },
          {
            "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
          },
          {
            "name": "RHSA-2018:2789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2789"
          },
          {
            "name": "DSA-4266",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4266"
          },
          {
            "name": "RHSA-2018:2645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2645"
          },
          {
            "name": "USN-3732-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3732-1/"
          },
          {
            "name": "RHSA-2018:2791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2791"
          },
          {
            "name": "RHSA-2018:2790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2790"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_41"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95343321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.9*",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:59",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2018:2785",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2785"
        },
        {
          "name": "VU#962459",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/962459"
        },
        {
          "name": "USN-3741-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-2/"
        },
        {
          "name": "RHSA-2018:2776",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2776"
        },
        {
          "name": "RHSA-2018:2933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2933"
        },
        {
          "name": "RHSA-2018:2403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2403"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "USN-3763-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3763-1/"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3741-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-1/"
        },
        {
          "name": "RHSA-2018:2402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2402"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "1041434",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041434"
        },
        {
          "name": "USN-3732-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3732-2/"
        },
        {
          "name": "104976",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104976"
        },
        {
          "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
        },
        {
          "name": "1041424",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041424"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:2924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2924"
        },
        {
          "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
        },
        {
          "name": "RHSA-2018:2789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2789"
        },
        {
          "name": "DSA-4266",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4266"
        },
        {
          "name": "RHSA-2018:2645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2645"
        },
        {
          "name": "USN-3732-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3732-1/"
        },
        {
          "name": "RHSA-2018:2791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2791"
        },
        {
          "name": "RHSA-2018:2790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2790"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_41"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95343321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5390",
          "STATE": "PUBLIC",
          "TITLE": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e=",
                            "version_affected": "\u003e=",
                            "version_name": "4.9",
                            "version_value": "4.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2785",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2785"
            },
            {
              "name": "VU#962459",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/962459"
            },
            {
              "name": "USN-3741-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2776",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2776"
            },
            {
              "name": "RHSA-2018:2933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "RHSA-2018:2403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "USN-3763-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3763-1/"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3741-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "1041434",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041434"
            },
            {
              "name": "USN-3732-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3732-2/"
            },
            {
              "name": "104976",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104976"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "1041424",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041424"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2924",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
            },
            {
              "name": "RHSA-2018:2789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2789"
            },
            {
              "name": "DSA-4266",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "RHSA-2018:2645",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2645"
            },
            {
              "name": "USN-3732-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3732-1/"
            },
            {
              "name": "RHSA-2018:2791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2791"
            },
            {
              "name": "RHSA-2018:2790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2790"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_41",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_41"
            },
            {
              "name": "https://support.f5.com/csp/article/K95343321",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95343321"
            },
            {
              "name": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack",
              "refsource": "CONFIRM",
              "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
            },
            {
              "name": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5390",
    "datePublished": "2018-08-06T20:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2019-04-18 01:29
Modified
2024-11-21 04:37
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/108006Third Party Advisory
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108006Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrfVendor Advisory
Impacted products
Vendor Product Version
cisco expressway_series -
cisco telepresence_video_communication_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:expressway_series:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E7428A-D2A5-4B77-8562-F75BB8C72976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E02CA8D6-6483-4F50-A1AE-A4727DF4FCFF",
              "versionEndExcluding": "x12.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the FindMe feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. The arbitrary actions include adding an attacker-controlled device and redirecting calls intended for a specific user. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. This vulnerability is fixed in software version X12.5.1 and later."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n FindMe de Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podr\u00eda permitir a un atacante remoto no identificado realizar un ataque de tipo cross-site request forgery (CSRF) y realizar acciones arbitrarias en un sistema afectado. La vulnerabilidad se debe a las insuficientes protecciones de CSRF para la interfaz de administraci\u00f3n basada en web del sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad al persuadir a un usuario de la interfaz para que siga un enlace creado con fines maliciosos. Una operaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante realizar acciones arbitrarias en un sistema afectado con los privilegios del usuario. Las acciones arbitrarias incluyen agregar un dispositivo controlado por un atacante y redirigir las llamadas destinadas a un usuario espec\u00edfico. Para obtener m\u00e1s informaci\u00f3n sobre los ataques CSRF y las posibles mitigaciones, consulte Cross-Site Request Forgery Threat Vectors. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n de software X12.5.1 y posterior."
    }
  ],
  "id": "CVE-2019-1722",
  "lastModified": "2024-11-21T04:37:10.750",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-18T01:29:02.063",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/108006"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/108006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ex-vcs-xsrf"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-06 20:29
Modified
2024-11-21 04:08
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
References
cret@cert.orghttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txtThird Party Advisory
cret@cert.orghttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-enThird Party Advisory
cret@cert.orghttp://www.openwall.com/lists/oss-security/2019/06/28/2Mailing List, Third Party Advisory
cret@cert.orghttp://www.openwall.com/lists/oss-security/2019/07/06/3Mailing List, Third Party Advisory
cret@cert.orghttp://www.openwall.com/lists/oss-security/2019/07/06/4Mailing List, Third Party Advisory
cret@cert.orghttp://www.securityfocus.com/bid/104976Third Party Advisory, VDB Entry
cret@cert.orghttp://www.securitytracker.com/id/1041424Third Party Advisory, VDB Entry
cret@cert.orghttp://www.securitytracker.com/id/1041434Third Party Advisory, VDB Entry
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2395Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2402Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2403Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2645Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2776Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2785Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2789Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2790Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2791Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2924Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2933Third Party Advisory
cret@cert.orghttps://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
cret@cert.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdfThird Party Advisory
cret@cert.orghttps://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72ePatch, Vendor Advisory
cret@cert.orghttps://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
cret@cert.orghttps://lists.debian.org/debian-lts-announce/2018/08/msg00014.htmlThird Party Advisory
cret@cert.orghttps://security.netapp.com/advisory/ntap-20180815-0003/Third Party Advisory
cret@cert.orghttps://support.f5.com/csp/article/K95343321Third Party Advisory
cret@cert.orghttps://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSS
cret@cert.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcpThird Party Advisory
cret@cert.orghttps://usn.ubuntu.com/3732-1/Third Party Advisory
cret@cert.orghttps://usn.ubuntu.com/3732-2/Third Party Advisory
cret@cert.orghttps://usn.ubuntu.com/3741-1/Third Party Advisory
cret@cert.orghttps://usn.ubuntu.com/3741-2/Third Party Advisory
cret@cert.orghttps://usn.ubuntu.com/3742-1/Third Party Advisory
cret@cert.orghttps://usn.ubuntu.com/3742-2/Third Party Advisory
cret@cert.orghttps://usn.ubuntu.com/3763-1/Third Party Advisory
cret@cert.orghttps://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmackMitigation, Third Party Advisory
cret@cert.orghttps://www.debian.org/security/2018/dsa-4266Third Party Advisory
cret@cert.orghttps://www.kb.cert.org/vuls/id/962459Third Party Advisory, US Government Resource
cret@cert.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cret@cert.orghttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
cret@cert.orghttps://www.synology.com/support/security/Synology_SA_18_41Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-enThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/28/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/07/06/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/07/06/4Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104976Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041424Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041434Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2384Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2395Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2402Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2403Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2645Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2776Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2785Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2789Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2790Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2791Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2924Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2933Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72ePatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/08/msg00014.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180815-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K95343321Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3732-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3732-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3741-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3741-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3742-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3742-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3763-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmackMitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4266Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/962459Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_18_41Third Party Advisory
Impacted products
Vendor Product Version
redhat virtualization 4.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_eus 6.4
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.4
redhat enterprise_linux_workstation 7.0
linux linux_kernel *
linux linux_kernel 4.18
linux linux_kernel 4.18
linux linux_kernel 4.18
linux linux_kernel 4.18
linux linux_kernel 4.18
linux linux_kernel 4.18
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
debian debian_linux 8.0
debian debian_linux 9.0
hp aruba_airwave_amp *
hp aruba_clearpass_policy_manager *
hp aruba_clearpass_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager 14.0.0
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics 14.0.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager 14.0.0
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller 14.0.0
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager 14.0.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator 14.0.0
f5 traffix_systems_signaling_delivery_controller *
f5 traffix_systems_signaling_delivery_controller 4.4.0
a10networks advanced_core_operating_system 3.2.2
a10networks advanced_core_operating_system 3.2.2
a10networks advanced_core_operating_system 4.1.0
a10networks advanced_core_operating_system 4.1.0
a10networks advanced_core_operating_system 4.1.1
a10networks advanced_core_operating_system 4.1.2
a10networks advanced_core_operating_system 4.1.2
a10networks advanced_core_operating_system 4.1.4
a10networks advanced_core_operating_system 4.1.4
cisco collaboration_meeting_rooms 1.0
cisco digital_network_architecture_center 1.2
cisco expressway x8.10
cisco expressway x8.10.1
cisco expressway x8.10.2
cisco expressway x8.10.3
cisco expressway x8.10.4
cisco expressway x8.11
cisco expressway_series -
cisco meeting_management 1.0
cisco meeting_management 1.0.1
cisco network_assurance_engine 2.1\(1a\)
cisco threat_grid-cloud -
cisco webex_hybrid_data_security -
cisco webex_video_mesh -
cisco telepresence_video_communication_server_firmware x8.10
cisco telepresence_video_communication_server_firmware x8.10.1
cisco telepresence_video_communication_server_firmware x8.10.2
cisco telepresence_video_communication_server_firmware x8.10.3
cisco telepresence_video_communication_server_firmware x8.10.4
cisco telepresence_video_communication_server_firmware x8.11
cisco telepresence_video_communication_server -
cisco telepresence_conductor_firmware xc4.3
cisco telepresence_conductor_firmware xc4.3.1
cisco telepresence_conductor_firmware xc4.3.2
cisco telepresence_conductor_firmware xc4.3.3
cisco telepresence_conductor_firmware xc4.3.4
cisco telepresence_conductor -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EDC8561-5E0A-4692-BB71-C88ED7A1229F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C81647C-9A53-481D-A54C-36770A093F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E2A48A-1AFB-4878-AE78-18613DE9334F",
              "versionEndExcluding": "4.18",
              "versionStartIncluding": "4.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.18:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0758920B-F8FC-44AB-92E3-CB0B0A5EDA76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.18:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "81EBA79F-0ABF-4213-8BEF-9A927F9E24D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.18:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "364BE028-0C54-4254-9261-59D97C0EDC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.18:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "C5CD0194-46B1-4CCC-9829-8ED014B77660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.18:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "DB2B91AF-ACE1-4F6F-B2D0-9D4B7D8D20CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:4.18:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "30FBD992-DD41-441E-A6C7-D39DAC45DA34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:aruba_airwave_amp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3E8408-DE01-4B3C-9FDF-A51261C524BD",
              "versionEndExcluding": "8.2.7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:aruba_clearpass_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E49DB15-06E7-4709-933E-890A7E65A240",
              "versionEndIncluding": "6.6.9",
              "versionStartIncluding": "6.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hp:aruba_clearpass_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29A8C01-7E4E-4662-B4F3-07DEF07CC600",
              "versionEndIncluding": "6.7.5",
              "versionStartIncluding": "6.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E6AF24-0676-4B70-A289-7B81321194DF",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB42D3A-71EE-4367-9F65-86404D74E59D",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1331467F-B278-485E-AD91-7D0643C2F3DB",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44E8F4B6-ACF1-4F2C-A2A4-DF7382CCE628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "195704A8-4911-4A61-8369-711D403052F1",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5011C2D-FBB5-4117-BB97-11DE70117345",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E866C4E5-D739-4352-9B6D-9753B4C78A24",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1FDA72E-991D-4451-9C8E-E738F4D12728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDE5A2D0-C268-4D2D-A001-AEC17E92B1DA",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79344F94-2CB8-4F08-9373-61614A38476C",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D16634-442B-4674-B11E-6748D28764BD",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "622C877B-760A-4C50-9FDF-998C010B864E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FA10863-C4C8-4658-8EEA-BC71B3522F36",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D00EED-F95D-4458-BDC4-3390DE85348B",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D91EC11-DD9A-434B-9EB4-14AA0E977D8D",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "292EC144-CBA2-4275-9F70-4ED65A505B39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6EC3436-7FAE-4311-8103-7ADBAF40E1C1",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "397AC4A5-B67C-483B-84F7-8CB294BB460C",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E697E4FD-1882-4BF8-9B9F-FB7DFD19497B",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80509490-50DA-42F8-8A4A-A6F6B95649BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A39E28-E7BB-47A3-988B-4EBF070D3538",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1466F808-2596-4028-8884-27EDD5CACB47",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "394DF290-9328-4FAD-B04E-61F62B916148",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BBEC67-BD2E-49D5-8294-977D975D98D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D931BC21-AF80-400C-A7E9-2C4AB19D748A",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1.",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A11E433-943D-4D92-B45E-3FA268094278",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AA67E0-3471-4699-87A7-E47DD8E313B8",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB76D898-4C7C-40E9-8539-E2A1BC7A5A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C3C9586-D4ED-4486-9C1F-B357F34F8A84",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C3D6F5-D94D-46A3-991C-A11275B59F8E",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6114B091-1612-4EA2-81D4-2E5455A345F7",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "86D68F26-EF89-4016-BD3A-637951752AAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F002114-483A-462C-B0BD-4E1591009935",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57CCB85A-6F90-4DB7-B0F8-AE5250E1DCFE",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F60067-2623-42F9-8B4F-C24F3268DDB9",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAD6E9A-F8B5-4B2D-B687-AEAB518B8F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE3443E-9D07-4A82-B110-02ADDA9FDEF3",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60189636-02D6-44CA-BE2A-7777E3C409CD",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E2840B-96F4-4437-91D1-4AFE99E54D6A",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E592A7-B530-4932-A81D-D1B9ABD64047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D08BA8F-4949-47EC-8EEF-312DC70043B8",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D07AA7-1E0E-4FC3-B8BF-05729619B0AA",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A197CF35-47EE-4DAE-BC51-90663870B9B9",
              "versionEndIncluding": "13.1.1",
              "versionStartExcluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E734E1C-A92F-4394-8F33-4429161BE47C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A0A9D-40AF-46DC-B577-DA73B4C2970B",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AD75094-3248-4D37-969E-75272F6F31D6",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F4D416-10F4-4C08-A25D-0795F7FE0FBE",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF10213-FBE4-47A5-8EF2-B45BF15BEB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A36B6B7D-3900-43D4-B241-E58A1377B4DF",
              "versionEndIncluding": "11.6.3",
              "versionStartIncluding": "11.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7860523-E8B3-4BEE-853A-6F0B5BCDDA5A",
              "versionEndIncluding": "12.1.3",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6944128-3A30-4835-A125-3EA7571D7DC0",
              "versionEndIncluding": "13.1.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5A85C15-B821-4992-9B06-45767E7467D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:traffix_systems_signaling_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87510FE-775A-44FB-9792-074CD5DE5C38",
              "versionEndIncluding": "5.1.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:traffix_systems_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B5497D9-9022-4788-87DB-6C4B4116509A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB85F4D0-A104-4954-8D73-B9980C8E93E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:3.2.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "CECB4DA3-3842-4102-8451-43EC00CBAEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D286AC5-DB3E-4FAE-8441-A4D98B1F1160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "8DE427D5-6E9A-4AC3-830D-7D235DE97389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.1:p8:*:*:*:*:*:*",
              "matchCriteriaId": "F32591D5-D7F6-4C45-B1B5-1D1F8C649DF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "032B2E4E-381E-4662-A6CF-8FA517233681",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "BA708DD0-8A88-4B2B-9B57-A08491DE4696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0013CA3E-0E73-45EA-B2E9-7EA038BAB336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:a10networks:advanced_core_operating_system:4.1.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F993C993-D118-45A3-9F95-382B54E25439",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:collaboration_meeting_rooms:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E53CEDB-F536-4DA0-917C-C220A3102B90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:digital_network_architecture_center:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27A026D0-AA0D-417A-A06B-8785E5FFCBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:expressway:x8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "31DF55CF-FEDE-43DE-8F55-3264DB7CDD71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:expressway:x8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4C837B-4648-4764-B190-36381EE7E664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:expressway:x8.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F044DA47-D8FA-4EF9-B28C-C69D0DE8C3DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:expressway:x8.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E600BCEC-2466-4348-ACE3-955469AA1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:expressway:x8.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB8DD876-7E51-43A9-8944-B4DEE9E9EDD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:expressway:x8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "431A3000-D903-4B57-9B54-CC650105B044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:expressway_series:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E7428A-D2A5-4B77-8562-F75BB8C72976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_management:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E53549-337C-423F-AB34-F2559C1F225C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:meeting_management:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EABDA6F4-99E7-4354-9760-E9891B47DC8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_assurance_engine:2.1\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BD40D143-B4B4-4C2A-8D9E-D928459FC59E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:threat_grid-cloud:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2B5B87A-CECF-48BF-833E-6E4A6DF647CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_hybrid_data_security:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6A108A5-ADB1-4328-B3C0-9C3CC2CD1346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_video_mesh:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0F9723-F9BD-422D-8414-040C01C9C0D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B534882-60A5-4098-A439-A47CBC546E53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1C3395-1865-4436-81E0-3821B5BB99D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86ACAFA3-7F76-428A-A6EE-87284FB30B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8908328C-FC17-4BDC-B369-36942225DFAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "988EDFD9-4652-4460-BE48-62219B8A0A6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_video_communication_server_firmware:x8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9DD18A-43B9-4B43-AF9F-236D42651E46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "177FA398-F812-4E8D-99A3-3F7E0F690CE6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A8F173C-2D38-42B2-B86F-72B53A96D05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E03126-0FF6-4D4E-8766-A4F0B20741AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24CB2EC-A79E-4C56-8F03-86D53A9B28A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F2333B-BE03-4D6C-AA16-1E3EB170496E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:telepresence_conductor_firmware:xc4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B199BF45-F9EF-49A0-B2D5-9B9FA6AA1208",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_conductor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C65475E-2641-404B-8316-6B6A5029617D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
    },
    {
      "lang": "es",
      "value": "El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2018-5390",
  "lastModified": "2024-11-21T04:08:43.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-06T20:29:01.570",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104976"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041424"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041434"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2384"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2395"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2402"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2403"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2645"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2776"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2785"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2789"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2790"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2791"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2924"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2933"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K95343321"
    },
    {
      "source": "cret@cert.org",
      "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3732-1/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3732-2/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3741-1/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3741-2/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3742-1/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3742-2/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3763-1/"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4266"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/962459"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_41"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2402"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K95343321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3732-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3732-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3741-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3741-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3742-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3742-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3763-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4266"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/962459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_41"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}