All the vulnerabilites related to zyxel - gs1900-10hp_firmware
cve-2016-1317
Vulnerability from cvelistv5
Published
2016-02-09 02:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1034957 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:13.682Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034957" }, { "name": "20160208 Cisco Unified Communications Manager Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034957" }, { "name": "20160208 Cisco Unified Communications Manager Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1317", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034957" }, { "name": "20160208 Cisco Unified Communications Manager Information Disclosure Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1317", "datePublished": "2016-02-09T02:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:13.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35140
Vulnerability from cvelistv5
Published
2023-11-07 01:44
Modified
2024-09-04 18:54
Severity ?
EPSS score ?
Summary
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Zyxel | GS1900-24EP firmware |
Version: V2.70(ABTO.5) |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35140", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T18:36:49.739422Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T18:54:22.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GS1900-24EP firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "V2.70(ABTO.5)" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version\u0026nbsp;V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device." } ], "value": "The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version\u00a0V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-07T01:44:18.953Z", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2023-35140", "datePublished": "2023-11-07T01:44:18.953Z", "dateReserved": "2023-06-14T06:26:48.564Z", "dateUpdated": "2024-09-04T18:54:22.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34746
Vulnerability from cvelistv5
Published
2022-09-20 01:50
Modified
2024-08-03 09:22
Severity ?
EPSS score ?
Summary
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Zyxel | Zyxel GS1900 series firmware |
Version: < V2.70 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:09.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Zyxel GS1900 series firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "\u003c V2.70" } ] } ], "descriptions": [ { "lang": "en", "value": "An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-331", "description": "CWE-331: Insufficient Entropy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-20T01:50:09", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2022-34746", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Zyxel GS1900 series firmware", "version": { "version_data": [ { "version_value": "\u003c V2.70" } ] } } ] }, "vendor_name": "Zyxel" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface." } ] }, "impact": { "cvss": { "baseScore": "5.9", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-331: Insufficient Entropy" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches", "refsource": "CONFIRM", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches" } ] } } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2022-34746", "datePublished": "2022-09-20T01:50:09", "dateReserved": "2022-06-28T00:00:00", "dateUpdated": "2024-08-03T09:22:09.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1302
Vulnerability from cvelistv5
Published
2016-02-07 11:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1034925 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160203 Cisco Application Policy Infrastructure Controller Access Control Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic" }, { "name": "1034925", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034925" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160203 Cisco Application Policy Infrastructure Controller Access Control Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic" }, { "name": "1034925", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034925" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160203 Cisco Application Policy Infrastructure Controller Access Control Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic" }, { "name": "1034925", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034925" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1302", "datePublished": "2016-02-07T11:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:48:13.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1346
Vulnerability from cvelistv5
Published
2016-04-06 23:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1035499 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160406 Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts" }, { "name": "1035499", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035499" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160406 Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts" }, { "name": "1035499", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035499" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1346", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160406 Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts" }, { "name": "1035499", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035499" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1346", "datePublished": "2016-04-06T23:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.178Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-0718
Vulnerability from cvelistv5
Published
2016-03-03 22:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035159 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1035160 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:17:32.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035159", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035159" }, { "name": "20160302 Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack" }, { "name": "1035160", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1035159", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035159" }, { "name": "20160302 Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack" }, { "name": "1035160", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-0718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035159", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035159" }, { "name": "20160302 Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack" }, { "name": "1035160", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035160" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-0718", "datePublished": "2016-03-03T22:00:00", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:17:32.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2243
Vulnerability from cvelistv5
Published
2016-03-04 15:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.
References
▼ | URL | Tags |
---|---|---|
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469 | vendor-advisory, x_refsource_HP | |
http://www.securitytracker.com/id/1035193 | vdb-entry, x_refsource_SECTRACK | |
https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469 | vendor-advisory, x_refsource_HP |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:48.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "PSRT110027", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" }, { "name": "1035193", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035193" }, { "name": "HPSBHF03439", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp" }, "references": [ { "name": "PSRT110027", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" }, { "name": "1035193", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035193" }, { "name": "HPSBHF03439", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2016-2243", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "PSRT110027", "refsource": "HP", "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" }, { "name": "1035193", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035193" }, { "name": "HPSBHF03439", "refsource": "HP", "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" } ] } } } }, "cveMetadata": { "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2016-2243", "datePublished": "2016-03-04T15:00:00", "dateReserved": "2016-02-08T00:00:00", "dateUpdated": "2024-08-05T23:24:48.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38270
Vulnerability from cvelistv5
Published
2024-09-10 01:20
Modified
2024-09-10 15:15
Severity ?
EPSS score ?
Summary
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Zyxel | GS1900-10HP firmware |
Version: V2.80(AAZI.0)C0 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38270", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:13:31.308353Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:15:34.477Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GS1900-10HP firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "V2.80(AAZI.0)C0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive." } ], "value": "An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T01:20:09.147Z", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-for-web-authentication-tokens-generation-in-gs1900-series-switches-09-10-2024" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2024-38270", "datePublished": "2024-09-10T01:20:09.147Z", "dateReserved": "2024-06-12T09:11:12.898Z", "dateUpdated": "2024-09-10T15:15:34.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5990
Vulnerability from cvelistv5
Published
2015-12-31 16:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
References
▼ | URL | Tags |
---|---|---|
https://www.kb.cert.org/vuls/id/201168 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:06:35.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-12-31T16:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2015-5990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#201168", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/201168" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-5990", "datePublished": "2015-12-31T16:00:00", "dateReserved": "2015-08-14T00:00:00", "dateUpdated": "2024-08-06T07:06:35.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15801
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.
References
▼ | URL | Tags |
---|---|---|
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-14T20:16:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15801", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html", "refsource": "MISC", "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15801", "datePublished": "2019-11-14T20:16:08", "dateReserved": "2019-08-29T00:00:00", "dateUpdated": "2024-08-05T00:56:22.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35032
Vulnerability from cvelistv5
Published
2021-12-28 10:42
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
References
▼ | URL | Tags |
---|---|---|
https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Zyxel | GS1900 series firmware |
Version: 2.60 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:33:49.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GS1900 series firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "2.60" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-28T10:42:07", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2021-35032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GS1900 series firmware", "version": { "version_data": [ { "version_value": "2.60" } ] } } ] }, "vendor_name": "Zyxel" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call." } ] }, "impact": { "cvss": { "baseScore": "6.4", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2021-35032", "datePublished": "2021-12-28T10:42:07", "dateReserved": "2021-06-17T00:00:00", "dateUpdated": "2024-08-04T00:33:49.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15804
Vulnerability from cvelistv5
Published
2019-11-14 20:15
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
References
▼ | URL | Tags |
---|---|---|
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-14T20:15:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html", "refsource": "MISC", "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15804", "datePublished": "2019-11-14T20:15:46", "dateReserved": "2019-08-29T00:00:00", "dateUpdated": "2024-08-05T00:56:22.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6313
Vulnerability from cvelistv5
Published
2016-04-06 23:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035501 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1 | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:15:13.298Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035501", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035501" }, { "name": "20160406 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1035501", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035501" }, { "name": "20160406 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035501", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035501" }, { "name": "20160406 Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6313", "datePublished": "2016-04-06T23:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.298Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15800
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)
References
▼ | URL | Tags |
---|---|---|
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-14T20:16:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15800", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html", "refsource": "MISC", "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15800", "datePublished": "2019-11-14T20:16:20", "dateReserved": "2019-08-29T00:00:00", "dateUpdated": "2024-08-05T00:56:22.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8882
Vulnerability from cvelistv5
Published
2024-11-12 01:23
Modified
2024-11-12 14:27
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Zyxel | GS1900-48 firmware |
Version: <= V2.80(AAHN.1)C0 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-8882", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T14:26:19.164032Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T14:27:10.174Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GS1900-48 firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "\u003c= V2.80(AAHN.1)C0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier\u0026nbsp;could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL." } ], "value": "A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier\u00a0could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-12T01:23:57.405Z", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2024-8882", "datePublished": "2024-11-12T01:23:57.405Z", "dateReserved": "2024-09-16T02:29:48.579Z", "dateUpdated": "2024-11-12T14:27:10.174Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45853
Vulnerability from cvelistv5
Published
2023-05-30 10:02
Modified
2025-01-10 17:32
Severity ?
EPSS score ?
Summary
The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version
V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Zyxel | GS1900-8HP firmware |
Version: V2.70(AAHI.3) |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-45853", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-10T17:32:17.796591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-10T17:32:54.505Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GS1900-8HP firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "V2.70(AAHI.3)" } ] }, { "defaultStatus": "unaffected", "product": "GS1900-8 firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "V2.70(AAHH.3)" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eV2.70(AAHH.3)\u003c/span\u003e\u0026nbsp;and the GS1900-8HP firmware version\u0026nbsp;V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as \u0027root\u0027 on a vulnerable device via SSH." } ], "value": "The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version \n\nV2.70(AAHH.3)\u00a0and the GS1900-8HP firmware version\u00a0V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as \u0027root\u0027 on a vulnerable device via SSH." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-06T01:35:03.430Z", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2022-45853", "datePublished": "2023-05-30T10:02:46.637Z", "dateReserved": "2022-11-23T08:05:40.138Z", "dateUpdated": "2025-01-10T17:32:54.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1348
Vulnerability from cvelistv5
Published
2016-03-26 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6 | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1035381 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.079Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160323 Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6" }, { "name": "1035381", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035381" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160323 Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6" }, { "name": "1035381", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035381" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1348", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160323 Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6" }, { "name": "1035381", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035381" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1348", "datePublished": "2016-03-26T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.079Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5989
Vulnerability from cvelistv5
Published
2015-12-31 16:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
References
▼ | URL | Tags |
---|---|---|
https://www.kb.cert.org/vuls/id/201168 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:06:35.103Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-12-31T16:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2015-5989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#201168", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/201168" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-5989", "datePublished": "2015-12-31T16:00:00", "dateReserved": "2015-08-14T00:00:00", "dateUpdated": "2024-08-06T07:06:35.103Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5987
Vulnerability from cvelistv5
Published
2015-12-31 16:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
References
▼ | URL | Tags |
---|---|---|
https://www.kb.cert.org/vuls/id/201168 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:06:35.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-12-31T16:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2015-5987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#201168", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/201168" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-5987", "datePublished": "2015-12-31T16:00:00", "dateReserved": "2015-08-14T00:00:00", "dateUpdated": "2024-08-06T07:06:35.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6312
Vulnerability from cvelistv5
Published
2016-04-06 23:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2 | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1035500 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:15:13.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160406 Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2" }, { "name": "1035500", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035500" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160406 Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2" }, { "name": "1035500", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035500" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160406 Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2" }, { "name": "1035500", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035500" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6312", "datePublished": "2016-04-06T23:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1350
Vulnerability from cvelistv5
Published
2016-03-26 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035421 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip | vendor-advisory, x_refsource_CISCO | |
http://www.securityfocus.com/bid/85372 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1035420 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035421", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035421" }, { "name": "20160323 Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip" }, { "name": "85372", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/85372" }, { "name": "1035420", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1035421", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035421" }, { "name": "20160323 Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip" }, { "name": "85372", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/85372" }, { "name": "1035420", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035420" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1350", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035421", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035421" }, { "name": "20160323 Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip" }, { "name": "85372", "refsource": "BID", "url": "http://www.securityfocus.com/bid/85372" }, { "name": "1035420", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035420" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1350", "datePublished": "2016-03-26T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35030
Vulnerability from cvelistv5
Published
2021-07-26 11:20
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Zyxel | GS1900-8 Firmware |
Version: 2.60 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:33:49.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GS1900-8 Firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "2.60" } ] } ], "datePublic": "2021-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-26T11:20:40", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@zyxel.com.tw", "DATE_PUBLIC": "2021-07-27 10:00:00+0800", "ID": "CVE-2021-35030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GS1900-8 Firmware", "version": { "version_data": [ { "version_value": "2.60" } ] } } ] }, "vendor_name": "Zyxel" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet." } ] }, "impact": { "cvss": { "baseScore": "3.5", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml", "refsource": "MISC", "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2021-35030", "datePublished": "2021-07-26T11:20:40.191209Z", "dateReserved": "2021-06-17T00:00:00", "dateUpdated": "2024-09-17T01:46:12.877Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15799
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.
References
▼ | URL | Tags |
---|---|---|
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
https://vimeo.com/354726424 | x_refsource_MISC | |
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vimeo.com/354726424" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-14T20:16:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vimeo.com/354726424" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html", "refsource": "MISC", "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "name": "https://vimeo.com/354726424", "refsource": "MISC", "url": "https://vimeo.com/354726424" }, { "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15799", "datePublished": "2019-11-14T20:16:33", "dateReserved": "2019-08-29T00:00:00", "dateUpdated": "2024-08-05T00:56:22.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1319
Vulnerability from cvelistv5
Published
2016-02-09 02:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1034958 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1034959 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id/1034960 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034958", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034958" }, { "name": "20160208 Cisco Unified Products Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm" }, { "name": "1034959", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034959" }, { "name": "1034960", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034960" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM \u0026 Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034958", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034958" }, { "name": "20160208 Cisco Unified Products Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm" }, { "name": "1034959", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034959" }, { "name": "1034960", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034960" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1319", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM \u0026 Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034958", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034958" }, { "name": "20160208 Cisco Unified Products Information Disclosure Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm" }, { "name": "1034959", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034959" }, { "name": "1034960", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034960" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1319", "datePublished": "2016-02-09T02:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8881
Vulnerability from cvelistv5
Published
2024-11-12 01:17
Modified
2024-11-12 16:16
Severity ?
EPSS score ?
Summary
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Zyxel | GS1900-48 firmware |
Version: <= V2.80(AAHN.1)C0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "gs1900-48_firmware", "vendor": "zyxel", "versions": [ { "lessThanOrEqual": "2.80(AAHN.1)C0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-8881", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T16:07:07.517356Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T16:16:27.550Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "GS1900-48 firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "\u003c= V2.80(AAHN.1)C0" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request." } ], "value": "A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-12T01:17:36.728Z", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2024-8881", "datePublished": "2024-11-12T01:17:36.728Z", "dateReserved": "2024-09-16T02:29:47.178Z", "dateUpdated": "2024-11-12T16:16:27.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-5988
Vulnerability from cvelistv5
Published
2015-12-31 16:00
Modified
2024-08-06 07:06
Severity ?
EPSS score ?
Summary
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
References
▼ | URL | Tags |
---|---|---|
https://www.kb.cert.org/vuls/id/201168 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:06:35.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-12-31T16:57:02", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "VU#201168", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2015-5988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#201168", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/201168" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-5988", "datePublished": "2015-12-31T16:00:00", "dateReserved": "2015-08-14T00:00:00", "dateUpdated": "2024-08-06T07:06:35.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15802
Vulnerability from cvelistv5
Published
2019-11-14 20:16
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.
References
▼ | URL | Tags |
---|---|---|
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-14T20:16:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html", "refsource": "MISC", "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15802", "datePublished": "2019-11-14T20:16:03", "dateReserved": "2019-08-29T00:00:00", "dateUpdated": "2024-08-05T00:56:22.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1307
Vulnerability from cvelistv5
Published
2016-02-07 11:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1034921 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id/1034920 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:12.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce" }, { "name": "1034921", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034921" }, { "name": "1034920", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034920" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce" }, { "name": "1034921", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034921" }, { "name": "1034920", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034920" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1307", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce" }, { "name": "1034921", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034921" }, { "name": "1034920", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034920" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1307", "datePublished": "2016-02-07T11:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:12.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35031
Vulnerability from cvelistv5
Published
2021-12-28 10:36
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
References
▼ | URL | Tags |
---|---|---|
https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Zyxel | GS1900 series firmware |
Version: 2.60 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:33:49.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GS1900 series firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "2.60" } ] }, { "product": "XGS1210 series firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "1.00(ABTY.4)C0" } ] }, { "product": "XGS1250 series firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "1.00(ABWE.0)C0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-28T16:05:43", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2021-35031", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "GS1900 series firmware", "version": { "version_data": [ { "version_value": "2.60" } ] } }, { "product_name": "XGS1210 series firmware", "version": { "version_data": [ { "version_value": "1.00(ABTY.4)C0" } ] } }, { "product_name": "XGS1250 series firmware", "version": { "version_data": [ { "version_value": "1.00(ABWE.0)C0" } ] } } ] }, "vendor_name": "Zyxel" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device." } ] }, "impact": { "cvss": { "baseScore": "6.8", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2021-35031", "datePublished": "2021-12-28T10:36:23", "dateReserved": "2021-06-17T00:00:00", "dateUpdated": "2024-08-04T00:33:49.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6260
Vulnerability from cvelistv5
Published
2016-03-03 22:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035158 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:15:13.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035158", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035158" }, { "name": "20160302 Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1035158", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035158" }, { "name": "20160302 Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6260", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035158", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035158" }, { "name": "20160302 Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6260", "datePublished": "2016-03-03T22:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6398
Vulnerability from cvelistv5
Published
2016-02-07 11:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1034928 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:21.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1034928", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034928" }, { "name": "20160203 Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1034928", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034928" }, { "name": "20160203 Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6398", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1034928", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034928" }, { "name": "20160203 Cisco Nexus 9000 Series ACI Mode Switch ICMP Record Route Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6398", "datePublished": "2016-02-07T11:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1329
Vulnerability from cvelistv5
Published
2016-03-03 11:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
References
▼ | URL | Tags |
---|---|---|
https://isc.sans.edu/forums/diary/20795 | x_refsource_MISC | |
http://www.securitytracker.com/id/1035161 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:13.907Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://isc.sans.edu/forums/diary/20795" }, { "name": "1035161", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035161" }, { "name": "20160302 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://isc.sans.edu/forums/diary/20795" }, { "name": "1035161", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035161" }, { "name": "20160302 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://isc.sans.edu/forums/diary/20795", "refsource": "MISC", "url": "https://isc.sans.edu/forums/diary/20795" }, { "name": "1035161", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035161" }, { "name": "20160302 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1329", "datePublished": "2016-03-03T11:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:13.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1344
Vulnerability from cvelistv5
Published
2016-03-26 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
References
▼ | URL | Tags |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2 | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1035382 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/85311 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20160323 Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2" }, { "name": "1035382", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035382" }, { "name": "85311", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/85311" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20160323 Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2" }, { "name": "1035382", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035382" }, { "name": "85311", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/85311" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1344", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20160323 Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2" }, { "name": "1035382", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035382" }, { "name": "85311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/85311" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1344", "datePublished": "2016-03-26T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1349
Vulnerability from cvelistv5
Published
2016-03-26 01:00
Modified
2024-08-05 22:55
Severity ?
EPSS score ?
Summary
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1035385 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi | vendor-advisory, x_refsource_CISCO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:55:14.260Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035385", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035385" }, { "name": "20160323 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "1035385", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035385" }, { "name": "20160323 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035385", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035385" }, { "name": "20160323 Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi" } ] } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1349", "datePublished": "2016-03-26T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.260Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15803
Vulnerability from cvelistv5
Published
2019-11-14 20:15
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
References
▼ | URL | Tags |
---|---|---|
https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | x_refsource_MISC | |
https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-14T20:15:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html", "refsource": "MISC", "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "name": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml", "refsource": "CONFIRM", "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15803", "datePublished": "2019-11-14T20:15:56", "dateReserved": "2019-08-29T00:00:00", "dateUpdated": "2024-08-05T00:56:22.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2016-03-04 15:59
Modified
2024-11-21 02:48
Severity ?
Summary
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitebook_725_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DBD4012-6ABA-4EC5-8CE5-4BA947D660FD", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:elitebook_745_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "056188C4-E214-4C71-8D84-5B7FF34146D2", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:elitebook_755_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A69E93D-B289-4777-BDD0-B4AAA62441DB", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:700_series_firmware:1.08:*:*:*:*:*:*:*", "matchCriteriaId": "69A2C142-122F-4585-B906-484960B5115A", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitedesk_800_g2_twr:-:*:*:*:*:*:*:*", "matchCriteriaId": "D197258C-37DB-463A-AC0A-56D19BB8B3CD", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:elitedesk_800_sff:-:*:*:*:*:*:*:*", "matchCriteriaId": "F39CDC2B-E09B-460E-A42B-A95EB2A922AF", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:800_series_firmware:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "BABE16B2-E0C5-4995-8604-A37DC5446BEB", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:z240_sff_workstation_n51:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC886BC4-E813-442C-9CA2-8E54D322140F", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:z240_tower_workstation_n51:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FC8B2BD-3B43-43FB-8901-E9084DE2F7A0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:z240_firmware:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "A7239AB8-3752-47CA-A717-559EE4B5EDF9", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:700_series_firmware:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "1CEC1F99-EC0B-4445-8807-78BB8CEC92C0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitedesk_705_g2_mt_sff:-:*:*:*:*:*:*:*", "matchCriteriaId": "79A341B2-9A98-4D9D-B547-A0563788776C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:z238_microtower_workstation_n51:-:*:*:*:*:*:*:*", "matchCriteriaId": "753C6B8C-331B-4368-A3F6-DA76A362521A", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:z238_firmware:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "BEDA9695-6F36-42C0-B70B-EF484B68DBF8", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:zbook_15_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8577621-8CE8-4C94-9E37-A0A1AD76567C", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:zbook_15u_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "87151407-3BCE-4716-BEF9-3482F858D8FE", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:zbook_17_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE3D4433-E6DC-403B-B0B1-878121AA0EFD", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:zbook_firmware:1.03:*:*:*:*:*:*:*", "matchCriteriaId": "4EC74E5D-2403-4A84-9E8C-5959284646B2", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitedesk_800_g2_dm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF7DCD99-8E68-4AE7-8693-7F089C7C0866", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:mp9_g2_retail_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "395806EE-6281-4753-AE76-E4594F04368E", "vulnerable": false }, { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:800_series_firmware:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "72F08F1B-D4BC-460A-A8A8-E80BE18A7A8D", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitebook_820_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCD06E7E-045C-4A57-9197-1B12F686514C", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:elitebook_840_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "A67B506C-A2CD-4B4B-81C9-AB03B9164EFD", "vulnerable": false }, { "criteria": "cpe:2.3:h:hp:elitebook_850_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "17B61731-7ADD-4CB5-AE0D-0DA1D6C9C000", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:1000_series_firmware:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "FC1A53CB-994F-4ECA-A8AA-DB48D0237C49", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitebook_folio_1012_x2_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5C6EF85-716D-421F-B12F-86B696E66E84", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:1000_series_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66DE89D3-7339-47FD-8041-CB290C2C0824", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitebook_folio_1040_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDB7C8C9-7CF2-4EE3-8BD3-0A9573DDFB61", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:1000_series_firmware:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "7373ED50-0797-46E5-9C05-1DF9ABB9B754", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:elitedesk_705_g2_dm:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CE35D9B-38FD-4EEA-8E0B-DAFF7789635E", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:700_series_firmware:2.05:*:*:*:*:*:*:*", "matchCriteriaId": "4B7CC714-821A-47C6-A13C-D8143FDE8E14", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:mt42_mobile_thin_client:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AF1DD47-D985-46F1-8AF0-E42BC7AF9697", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:700_series_firmware:1.05:*:*:*:*:*:*:*", "matchCriteriaId": "425BA985-5183-405D-AFA6-08133BA1575F", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:hp:zbook_studio_g3:-:*:*:*:*:*:*:*", "matchCriteriaId": "81015892-0FAB-4A12-8B58-2ABBAB369506", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:zbook_firmware:1.04:*:*:*:*:*:*:*", "matchCriteriaId": "BDE73881-196A-482C-B099-6B840E7DFBC0", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:700_series_firmware:2.07:*:*:*:*:*:*:*", "matchCriteriaId": "938EA694-1C02-4DF2-833C-FE36EA975484", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access." }, { "lang": "es", "value": "Sure Start en HP Commercial PCs 2015 permite a usuarios locales causar una denegaci\u00f3n de servicio (fallo de recuperaci\u00f3n de la BIOS) aprovech\u00e1ndose del acceso administrativo." } ], "id": "CVE-2016-2243", "lastModified": "2024-11-21T02:48:06.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.5, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-04T15:59:00.107", "references": [ { "source": "hp-security-alert@hp.com", "url": "http://www.securitytracker.com/id/1035193" }, { "source": "hp-security-alert@hp.com", "tags": [ "Vendor Advisory" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" }, { "source": "hp-security-alert@hp.com", "tags": [ "Vendor Advisory" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035193" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05012469" } ], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-28 11:15
Modified
2024-11-21 06:11
Severity ?
6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF8E2361-4094-4EF4-ABD1-2AA7F6306F17", "versionEndExcluding": "2.70\\(aahh.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B977BC02-1C92-4A11-B63B-08D521257313", "versionEndExcluding": "2.70\\(aahi.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0426305E-B895-4F3F-BBFD-B67532B23D45", "versionEndExcluding": "2.70\\(aazi.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEC06507-70AD-4518-A206-51DCF3A372EC", "versionEndExcluding": "2.70\\(aahj.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8FA189B-1FCD-4A54-8867-8F640EA6E23D", "versionEndExcluding": "2.70\\(aahk.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E6A17B4-4E5A-4B59-8D4E-34D3D4E474FD", "versionEndExcluding": "2.70\\(abto.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDCE590C-002A-4DAA-84AB-23B976F0F510", "versionEndExcluding": "2.70\\(aahl.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A54568EB-94F3-4817-BD25-C5F52ED1B9AB", "versionEndExcluding": "2.70\\(aahm.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A11824-D68D-41F0-BA0B-69C6CEEC5948", "versionEndExcluding": "2.70\\(aatp.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFBB3AFE-A826-43DC-A18F-FFD68E08E23E", "versionEndExcluding": "2.70\\(aahn.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E7B8A54-65D5-41E6-89BF-0B4DF6D30125", "versionEndExcluding": "2.70\\(aaho.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAE5234-410D-436F-86CD-744F3127AEAF", "versionEndExcluding": "2.70\\(abtq.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:xgs1210-12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAB20E61-9B6E-4AD4-B365-98ED5546F7EF", "versionEndExcluding": "1.00\\(abty.5\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:xgs1210-12:-:*:*:*:*:*:*:*", "matchCriteriaId": "79ECDFC6-ABE3-43A1-BE57-4EC8C7F2896E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:xgs1250-12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "678F3EF1-23DA-4252-A284-F639CFC5CB8A", "versionEndExcluding": "1.00\\(abwe.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:xgs1250-12:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BAEB6C1-5F51-4AAC-B8D3-5F06F139639E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device." }, { "lang": "es", "value": "Una vulnerabilidad en el cliente TFTP del firmware de la serie Zyxel GS1900 versi\u00f3n 2.60, podr\u00eda permitir a un usuario local autenticado ejecutar comandos arbitrarios del SO" } ], "id": "CVE-2021-35031", "lastModified": "2024-11-21T06:11:42.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-28T11:15:07.463", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "security@zyxel.com.tw", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-28 11:15
Modified
2024-11-21 06:11
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF8E2361-4094-4EF4-ABD1-2AA7F6306F17", "versionEndExcluding": "2.70\\(aahh.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B977BC02-1C92-4A11-B63B-08D521257313", "versionEndExcluding": "2.70\\(aahi.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0426305E-B895-4F3F-BBFD-B67532B23D45", "versionEndExcluding": "2.70\\(aazi.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DEC06507-70AD-4518-A206-51DCF3A372EC", "versionEndExcluding": "2.70\\(aahj.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8FA189B-1FCD-4A54-8867-8F640EA6E23D", "versionEndExcluding": "2.70\\(aahk.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E6A17B4-4E5A-4B59-8D4E-34D3D4E474FD", "versionEndExcluding": "2.70\\(abto.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDCE590C-002A-4DAA-84AB-23B976F0F510", "versionEndExcluding": "2.70\\(aahl.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A54568EB-94F3-4817-BD25-C5F52ED1B9AB", "versionEndExcluding": "2.70\\(aahm.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A11824-D68D-41F0-BA0B-69C6CEEC5948", "versionEndExcluding": "2.70\\(aatp.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFBB3AFE-A826-43DC-A18F-FFD68E08E23E", "versionEndExcluding": "2.70\\(aahn.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E7B8A54-65D5-41E6-89BF-0B4DF6D30125", "versionEndExcluding": "2.70\\(aaho.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAE5234-410D-436F-86CD-744F3127AEAF", "versionEndExcluding": "2.70\\(abtq.0\\)-20211208", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call." }, { "lang": "es", "value": "Una vulnerabilidad en el archivo \"libsal.so\" del firmware de la serie Zyxel GS1900 versi\u00f3n 2.60, podr\u00eda permitir a un usuario local autenticado ejecutar comandos arbitrarios del sistema operativo por medio de una llamada de funci\u00f3n dise\u00f1ada" } ], "id": "CVE-2021-35032", "lastModified": "2024-11-21T06:11:42.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-28T11:15:07.583", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_OS_command_injection_vulnerabilities_of_switches.shtml" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "security@zyxel.com.tw", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24hp_firmware | * | |
zyxel | gs1900-24hp | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hp_firmware | * | |
zyxel | gs1900-48hp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5", "versionEndExcluding": "2.50\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B", "versionEndExcluding": "2.50\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76", "versionEndExcluding": "2.50\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB", "versionEndExcluding": "2.50\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35", "versionEndExcluding": "2.50\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07", "versionEndExcluding": "2.50\\(aahm.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2", "versionEndExcluding": "2.50\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5", "versionEndExcluding": "2.50\\(aaho.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. A trav\u00e9s de una secuencia indocumentada de pulsaciones de teclas, se activa la funcionalidad no documentada. Se activa un shell de diagn\u00f3stico a trav\u00e9s de CTRL-ALT-t, que solicita la contrase\u00f1a devuelta por fds_sys_passDebugPasswd_ret (). El firmware contiene comprobaciones de control de acceso que determinan si los usuarios remotos pueden acceder a esta funcionalidad. La funci\u00f3n que realiza esta comprobaci\u00f3n (fds_sys_remoteDebugEnable_ret en libfds.so) siempre devuelve VERDADERO sin realizar comprobaciones reales. El men\u00fa de diagn\u00f3stico permite leer / escribir registros arbitrarios y varios otros par\u00e1metros de configuraci\u00f3n que se cree que est\u00e1n relacionados con los chips de la interfaz de red." } ], "id": "CVE-2019-15803", "lastModified": "2024-11-21T04:29:29.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-14T21:15:11.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-07-26 12:15
Modified
2024-11-21 06:11
Severity ?
3.5 (Low) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD447145-9B13-4B3E-B35E-65AB4A576B8D", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06D9347D-F0F3-4E9B-8EF6-AA2A723A55E6", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A54B9C24-6492-463F-8768-BF1E092D9077", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D2B2385-9DDF-4E5E-9CFE-12B0304568BF", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "674594F8-B90F-4D8E-82E4-9DE721BC52E5", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F69D2726-44BB-4AFB-9447-2220675020AE", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC29ADFF-27E6-4CFA-8C5F-32542AC36052", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4567A0DB-6E8E-4714-B573-8FEA4A571738", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "99DCDB75-4D17-4A05-AF5A-4ADA54A54142", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD68BF23-59DC-4449-9B53-ACBCC6F4A871", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A4D35C7-255C-4842-8D75-22CAC3E14C6C", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "39C45C13-DD78-4486-833A-773A5F0A77A8", "versionEndExcluding": "2.70", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad en el programa CGI de Zyxel GS1900-8 versi\u00f3n del firmware V2.60, que no esterilizaba apropiadamente el contenido de los paquetes y pod\u00eda permitir a un usuario local autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) por medio de un paquete LLDP dise\u00f1ado" } ], "id": "CVE-2021-35030", "lastModified": "2024-11-21T06:11:42.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 2.5, "source": "security@zyxel.com.tw", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-07-26T12:15:08.817", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_XSS_vulnerability_of_GS1900_series_switches.shtml" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security@zyxel.com.tw", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-26 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ios_xe | 3.2ja_3.2.0ja | |
cisco | ios_xe | 3.2se_3.2.0se | |
cisco | ios_xe | 3.2se_3.2.1se | |
cisco | ios_xe | 3.2se_3.2.2se | |
cisco | ios_xe | 3.2se_3.2.3se | |
cisco | ios_xe | 3.3se_3.3.0se | |
cisco | ios_xe | 3.3se_3.3.1se | |
cisco | ios_xe | 3.3se_3.3.2se | |
cisco | ios_xe | 3.3se_3.3.3se | |
cisco | ios_xe | 3.3se_3.3.4se | |
cisco | ios_xe | 3.3se_3.3.5se | |
cisco | ios_xe | 3.3xo_3.3.0xo | |
cisco | ios_xe | 3.3xo_3.3.1xo | |
cisco | ios_xe | 3.3xo_3.3.2xo | |
cisco | ios_xe | 3.4sg_3.4.0sg | |
cisco | ios_xe | 3.4sg_3.4.1sg | |
cisco | ios_xe | 3.4sg_3.4.2sg | |
cisco | ios_xe | 3.4sg_3.4.3sg | |
cisco | ios_xe | 3.4sg_3.4.4sg | |
cisco | ios_xe | 3.4sg_3.4.5sg | |
cisco | ios_xe | 3.4sg_3.4.6sg | |
cisco | ios_xe | 3.5e_3.5.0e | |
cisco | ios_xe | 3.5e_3.5.1e | |
cisco | ios_xe | 3.5e_3.5.2e | |
cisco | ios_xe | 3.5e_3.5.3e | |
cisco | ios_xe | 3.6e_3.6.0e | |
cisco | ios_xe | 3.6e_3.6.1e | |
cisco | ios_xe | 3.6e_3.6.2ae | |
cisco | ios_xe | 3.6e_3.6.2e | |
cisco | ios_xe | 3.7e_3.7.0e | |
cisco | ios_xe | 3.7e_3.7.1e | |
cisco | ios_xe | 3.7e_3.7.2e | |
intel | core_i5-9400f_firmware | - | |
netgear | jr6150_firmware | * | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios_xe:3.2ja_3.2.0ja:*:*:*:*:*:*:*", "matchCriteriaId": "8026B218-F117-4516-B7A3-8F4B39A87E10", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.2se_3.2.0se:*:*:*:*:*:*:*", "matchCriteriaId": "B9EBA5FE-79DC-4E98-BE1E-A78CC5CDDCB4", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.2se_3.2.1se:*:*:*:*:*:*:*", "matchCriteriaId": "9B110289-CC9E-43A0-BB03-89D200A11A33", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.2se_3.2.2se:*:*:*:*:*:*:*", "matchCriteriaId": "D9BA4A59-9008-4324-A384-3D7CD61C4C5E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.2se_3.2.3se:*:*:*:*:*:*:*", "matchCriteriaId": "57787A9D-36C8-479C-9BB5-E941DF6C4838", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3se_3.3.0se:*:*:*:*:*:*:*", "matchCriteriaId": "9A0B9F36-EC6A-4727-904F-813722CA5560", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3se_3.3.1se:*:*:*:*:*:*:*", "matchCriteriaId": "43F65F0C-FFA4-48AA-82BD-E60942436C29", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3se_3.3.2se:*:*:*:*:*:*:*", "matchCriteriaId": "7F0BDB4D-74C7-4017-BAB5-F2322E33D43C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3se_3.3.3se:*:*:*:*:*:*:*", "matchCriteriaId": "11646B88-F532-498B-92A1-EAA49E687EBD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3se_3.3.4se:*:*:*:*:*:*:*", "matchCriteriaId": "12A12D41-19F5-4732-B4D8-B8E07A3CA045", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3se_3.3.5se:*:*:*:*:*:*:*", "matchCriteriaId": "494EB9F2-EA04-47B0-9A82-59284F085F48", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.0xo:*:*:*:*:*:*:*", "matchCriteriaId": "1048CA2D-FFA2-4D44-8F2E-3ECFD7A97E55", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.1xo:*:*:*:*:*:*:*", "matchCriteriaId": "BFCA15E2-9FBC-49C7-BF47-7B749A11914B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.2xo:*:*:*:*:*:*:*", "matchCriteriaId": "F01AADBF-D870-4B75-9C34-82B534995C47", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.0sg:*:*:*:*:*:*:*", "matchCriteriaId": "01851517-4ABD-4E4D-9A82-33DE7EDA323E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.1sg:*:*:*:*:*:*:*", "matchCriteriaId": "674C1E76-1C84-4595-97C2-B75D6656EDC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.2sg:*:*:*:*:*:*:*", "matchCriteriaId": "88DA0F1D-31AC-4E99-B268-7F8D62B525F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.3sg:*:*:*:*:*:*:*", "matchCriteriaId": "10205CB9-78AB-4AE5-9838-712F1B7A6DA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.4sg:*:*:*:*:*:*:*", "matchCriteriaId": "424C9ED4-D693-497F-A4BF-2DA878DC2F16", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.5sg:*:*:*:*:*:*:*", "matchCriteriaId": "A00F31FD-CCA2-4896-AFD1-324315B8A1DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.6sg:*:*:*:*:*:*:*", "matchCriteriaId": "91CBDE34-E903-42E7-8250-F9C464FF9358", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.0e:*:*:*:*:*:*:*", "matchCriteriaId": "34C96C5E-C67E-42DB-A400-872C72723397", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.1e:*:*:*:*:*:*:*", "matchCriteriaId": "036EB6B4-3EBA-4AC2-A182-9402257E7D85", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.2e:*:*:*:*:*:*:*", "matchCriteriaId": "2AB451EE-C76B-405A-9AEF-28420E9D964D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.3e:*:*:*:*:*:*:*", "matchCriteriaId": "9D070F4E-0539-45C2-B5FC-486135DCA5B1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.0e:*:*:*:*:*:*:*", "matchCriteriaId": "46D09504-050B-477B-A77C-DC6FB356573C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.1e:*:*:*:*:*:*:*", "matchCriteriaId": "E7515382-E7F8-4309-89F7-D2A0CDBCFE14", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2ae:*:*:*:*:*:*:*", "matchCriteriaId": "4849EC40-FC9C-48A6-B0E1-F084737DC860", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2e:*:*:*:*:*:*:*", "matchCriteriaId": "1B217689-9550-4465-9252-95BB53B3165E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.0e:*:*:*:*:*:*:*", "matchCriteriaId": "B5141179-58CC-42CC-B7C3-881E452BAF0E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.1e:*:*:*:*:*:*:*", "matchCriteriaId": "0F4F220A-ADA8-4D51-A41F-DC9607285940", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.2e:*:*:*:*:*:*:*", "matchCriteriaId": "21577E9B-D717-43EA-AB71-533BCDD1379D", "vulnerable": true }, { "criteria": "cpe:2.3:o:intel:core_i5-9400f_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC4DDD41-51CD-40FF-BCB0-29D559C1CAD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", "versionEndExcluding": "2017-01-06", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410." }, { "lang": "es", "value": "La implementaci\u00f3n del cliente Smart Install en Cisco IOS 12.2, 15.0 y 15.2 y IOS XE 3.2 hasta la versi\u00f3n 3.7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de par\u00e1metros de lista de im\u00e1genes manipulados en un paquete Small Install, tambi\u00e9n conocido como Bug ID CSCuv45410." } ], "id": "CVE-2016-1349", "lastModified": "2024-11-21T02:46:14.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-26T01:59:03.120", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035385" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-26 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ios_xe | 3.8.0s | |
cisco | ios_xe | 3.8.1s | |
cisco | ios_xe | 3.8.2s | |
cisco | ios_xe | 3.9.0as | |
cisco | ios_xe | 3.9.0s | |
cisco | ios_xe | 3.9.1as | |
cisco | ios_xe | 3.9.1s | |
cisco | ios_xe | 3.9.2s | |
cisco | ios_xe | 3.10.0s | |
cisco | ios_xe | 3.10.1s | |
cisco | ios_xe | 3.10.1xbs | |
cisco | ios_xe | 3.10.2s | |
cisco | ios_xe | 3.11.0s | |
lenovo | thinkcentre_e75s_firmware | * | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8.0s:*:*:*:*:*:*:*", "matchCriteriaId": "2835C64E-808F-4A6C-B245-7A9996FAFE3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8.1s:*:*:*:*:*:*:*", "matchCriteriaId": "8E1040AF-A087-4791-BFC3-36CA3F3208E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8.2s:*:*:*:*:*:*:*", "matchCriteriaId": "7F95B900-12A3-4488-BB50-20C972BEE169", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9.0as:*:*:*:*:*:*:*", "matchCriteriaId": "BC3B6D68-DA31-45EB-ACFD-AE703B2FA2D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9.0s:*:*:*:*:*:*:*", "matchCriteriaId": "94227B25-5C86-453C-9DC8-A8201C1D1FEE", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9.1as:*:*:*:*:*:*:*", "matchCriteriaId": "6352A220-8F3E-4E08-8DD3-50E366434333", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9.1s:*:*:*:*:*:*:*", "matchCriteriaId": "10F278DC-5102-4A18-9C72-E8FEEDCC5729", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9.2s:*:*:*:*:*:*:*", "matchCriteriaId": "513675B5-D62C-442D-8754-DC4F221942B7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10.0s:*:*:*:*:*:*:*", "matchCriteriaId": "D9D9F45C-E71F-4425-A0C7-DFFEEC93C152", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10.1s:*:*:*:*:*:*:*", "matchCriteriaId": "26FB3B1A-FB8C-4371-A6D2-AB83ECF17F96", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10.1xbs:*:*:*:*:*:*:*", "matchCriteriaId": "48B351B3-3A18-4068-A95D-68942955070E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10.2s:*:*:*:*:*:*:*", "matchCriteriaId": "2A005E0C-A744-4AFA-A1D1-2E3228E093FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11.0s:*:*:*:*:*:*:*", "matchCriteriaId": "6DAC081C-9A22-4CBC-A9D0-DD9995801791", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:thinkcentre_e75s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB40F09-336C-4FBB-9A58-9B4033FCE7B1", "versionEndExcluding": "m16kt61a", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293." }, { "lang": "es", "value": "Cisco IOS 15.3 y 15.4, Cisco IOS XE 3.8 hasta la versi\u00f3n 3.11 y Cisco Unified Communications Manager permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de mensajes SIP mal formados, tambi\u00e9n conocido como Bug ID CSCuj23293." } ], "id": "CVE-2016-1350", "lastModified": "2024-11-21T02:46:14.123", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-26T01:59:04.090", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/85372" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035420" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/85372" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035421" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-02-09 03:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098." }, { "lang": "es", "value": "Cisco Unified Communications Manager 11.5(0.98000.480) permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de la base de datos table-name y entity-name a trav\u00e9s de una petici\u00f3n directa a una URL no especificada, tambi\u00e9n conocido como Bug ID CSCuy11098." } ], "id": "CVE-2016-1317", "lastModified": "2024-11-21T02:46:10.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-02-09T03:59:01.070", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034957" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-20 02:15
Modified
2024-11-21 07:10
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24ep_firmware | * | |
zyxel | gs1900-24ep | - | |
zyxel | gs1900-24hpv2_firmware | * | |
zyxel | gs1900-24hpv2 | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hpv2_firmware | * | |
zyxel | gs1900-48hpv2 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B8C89E9-1F95-41E8-9E03-ACF475F2D2D0", "versionEndExcluding": "2.70\\(aahh.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "309B1AEB-4154-42A1-B892-EC511A3C03F0", "versionEndExcluding": "2.70\\(aahi.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BDB45D9-2EF6-41FC-94A4-FFE7D3105C43", "versionEndExcluding": "2.70\\(aazi.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FC381F1-041B-4634-9F67-698E29037955", "versionEndExcluding": "2.70\\(aahj.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B87441A-7C43-4B63-99D5-BA70364F062D", "versionEndExcluding": "2.70\\(aahl.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1AF52CD-C62F-41C5-89BB-253A6F5C3624", "versionEndExcluding": "2.70\\(aahk.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EEEAB28-5FE5-42E4-88E6-9BCDA03B9420", "versionEndExcluding": "2.70\\(abto.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1841493A-E849-413B-B39D-77A8E940B138", "versionEndExcluding": "2.70\\(abtp.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17331D45-94BA-489F-BA8A-53F72026244C", "versionEndExcluding": "2.70\\(aahn.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "32A2CB26-844A-41ED-A59A-E67ACD371DCA", "versionEndExcluding": "2.70\\(abtq.3\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface." }, { "lang": "es", "value": "Se ha encontrado una vulnerabilidad de entrop\u00eda insuficiente causada por el uso inapropiado de fuentes de aleatoriedad con baja entrop\u00eda para la generaci\u00f3n de pares de claves RSA en las versiones de firmware de la serie Zyxel GS1900 versiones anteriores a V2.70. Esta vulnerabilidad podr\u00eda permitir a un atacante no autenticado recuperar una clave privada mediante la factorizaci\u00f3n del m\u00f3dulo N de RSA en el certificado de la interfaz de administraci\u00f3n web" } ], "id": "CVE-2022-34746", "lastModified": "2024-11-21T07:10:06.513", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-20T02:15:08.640", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-of-gs1900-series-switches" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-331" } ], "source": "security@zyxel.com.tw", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-331" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-07 05:15
Modified
2024-11-21 08:08
Severity ?
Summary
The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-48hpv2_firmware | * | |
zyxel | gs1900-48hpv2 | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-24hpv2_firmware | * | |
zyxel | gs1900-24hpv2 | - | |
zyxel | gs1900-24ep_firmware | * | |
zyxel | gs1900-24ep | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA14022B-4409-4725-BB26-2E85DC8BA02A", "versionEndIncluding": "2.70\\(abtq.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BB5CC06-9693-4951-BB8D-70CAF93C805E", "versionEndIncluding": "2.70\\(aahn.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F9A3EA9-5893-46AC-AECB-DE0A30DD0498", "versionEndIncluding": "2.70\\(abtp.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C96ECDC-3D00-4AA9-8E72-78ABC672D637", "versionEndIncluding": "2.70\\(abto.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E14B4311-5435-41DF-B0AC-32156D386D41", "versionEndIncluding": "2.70\\(aahk.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE64CC41-E4E4-4FED-88B9-FEC05FA7B0B6", "versionEndIncluding": "2.70\\(aahl.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A68FFD4-FEFF-49F0-9091-9B2E5F0C707C", "versionEndIncluding": "2.70\\(aahj.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC5EBAF1-3805-4332-9573-70E119244A71", "versionEndIncluding": "2.70\\(aazi.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C6E4B8A-4EC0-4BF6-81FE-40B5AA4B68A8", "versionEndIncluding": "2.70\\(aahi.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BF4CC3-F378-41D6-AAE1-4A5FA9C176C3", "versionEndIncluding": "2.70\\(aahh.5\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version\u00a0V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device." }, { "lang": "es", "value": "La vulnerabilidad de administraci\u00f3n de privilegios inadecuada en Zyxel GS1900-24EP switch firmware versi\u00f3n V2.70 (ABTO.5) podr\u00eda permitir que un usuario local autenticado con acceso de solo lectura modifique la configuraci\u00f3n del sistema en un dispositivo vulnerable." } ], "id": "CVE-2023-35140", "lastModified": "2024-11-21T08:08:01.030", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Primary" } ] }, "published": "2023-11-07T05:15:12.077", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-improper-privilege-management-vulnerability-in-gs1900-series-switches" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security@zyxel.com.tw", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-06 23:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "983E3CC5-7B3A-467A-A482-0D19792CB55E", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*", "matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*", "matchCriteriaId": "51463F95-8A40-47CC-A0FD-B8F0ED16C39F", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*", "matchCriteriaId": "7792A73D-C38F-44E6-A660-6CDB0955EC69", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_820:-:*:*:*:*:*:*:*", "matchCriteriaId": "242B17EF-773A-4629-80AC-D3B4E476B56F", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "18C16ABE-9BA2-4852-9B12-70BA6A1D50C2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565." }, { "lang": "es", "value": "Cisco TelePresence Server 4.1(2.29) hasta la versi\u00f3n 4.2(4.17) sobre dispositivos 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320 y 820; y Virtual Machine (VM) permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria o recarga de dispositivo) a trav\u00e9s de peticiones HTTP que no van seguidas de una negociaci\u00f3n no especificada, tambi\u00e9n conocido como Bug ID CSCuv47565." } ], "id": "CVE-2015-6313", "lastModified": "2024-11-21T02:34:45.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-06T23:59:01.283", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035501" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-26 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ios_xe | 3.3xo_3.3.0xo | |
cisco | ios_xe | 3.3xo_3.3.1xo | |
cisco | ios_xe | 3.3xo_3.3.2xo | |
cisco | ios_xe | 3.5e_3.5.0e | |
cisco | ios_xe | 3.5e_3.5.1e | |
cisco | ios_xe | 3.5e_3.5.2e | |
cisco | ios_xe | 3.5e_3.5.3e | |
cisco | ios_xe | 3.5s_3.5.0s | |
cisco | ios_xe | 3.5s_3.5.1s | |
cisco | ios_xe | 3.5s_3.5.2s | |
cisco | ios_xe | 3.6e_3.6.0e | |
cisco | ios_xe | 3.6e_3.6.1e | |
cisco | ios_xe | 3.6e_3.6.2ae | |
cisco | ios_xe | 3.6e_3.6.2e | |
cisco | ios_xe | 3.6e_3.6.3e | |
cisco | ios_xe | 3.6s_3.6.0s | |
cisco | ios_xe | 3.6s_3.6.1s | |
cisco | ios_xe | 3.6s_3.6.2s | |
cisco | ios_xe | 3.7e_3.7.0e | |
cisco | ios_xe | 3.7e_3.7.1e | |
cisco | ios_xe | 3.7e_3.7.2e | |
cisco | ios_xe | 3.7s_3.7.0s | |
cisco | ios_xe | 3.7s_3.7.1s | |
cisco | ios_xe | 3.7s_3.7.2s | |
cisco | ios_xe | 3.7s_3.7.2ts | |
cisco | ios_xe | 3.7s_3.7.3s | |
cisco | ios_xe | 3.7s_3.7.4as | |
cisco | ios_xe | 3.7s_3.7.4s | |
cisco | ios_xe | 3.7s_3.7.5s | |
cisco | ios_xe | 3.7s_3.7.6s | |
cisco | ios_xe | 3.7s_3.7.7s | |
cisco | ios_xe | 3.8e_3.8.0e | |
cisco | ios_xe | 3.8s_3.8.0s | |
cisco | ios_xe | 3.8s_3.8.1s | |
cisco | ios_xe | 3.8s_3.8.2s | |
cisco | ios_xe | 3.9s_3.9.0as | |
cisco | ios_xe | 3.9s_3.9.0s | |
cisco | ios_xe | 3.9s_3.9.1as | |
cisco | ios_xe | 3.9s_3.9.1s | |
cisco | ios_xe | 3.9s_3.9.2s | |
cisco | ios_xe | 3.10s_3.10.0s | |
cisco | ios_xe | 3.10s_3.10.1s | |
cisco | ios_xe | 3.10s_3.10.1xbs | |
cisco | ios_xe | 3.10s_3.10.2s | |
cisco | ios_xe | 3.10s_3.10.3s | |
cisco | ios_xe | 3.10s_3.10.4s | |
cisco | ios_xe | 3.10s_3.10.5s | |
cisco | ios_xe | 3.10s_3.10.6s | |
cisco | ios_xe | 3.11s_3.11.0s | |
cisco | ios_xe | 3.11s_3.11.1s | |
cisco | ios_xe | 3.11s_3.11.2s | |
cisco | ios_xe | 3.11s_3.11.3s | |
cisco | ios_xe | 3.11s_3.11.4s | |
cisco | ios_xe | 3.12s_3.12.0s | |
cisco | ios_xe | 3.12s_3.12.1s | |
cisco | ios_xe | 3.12s_3.12.2s | |
cisco | ios_xe | 3.12s_3.12.3s | |
cisco | ios_xe | 3.12s_3.12.4s | |
cisco | ios_xe | 3.13s_3.13.0as | |
cisco | ios_xe | 3.13s_3.13.0s | |
cisco | ios_xe | 3.13s_3.13.1s | |
cisco | ios_xe | 3.13s_3.13.2as | |
cisco | ios_xe | 3.13s_3.13.2s | |
cisco | ios_xe | 3.13s_3.13.3s | |
cisco | ios_xe | 3.13s_3.13.4s | |
cisco | ios_xe | 3.14s_3.14.0s | |
cisco | ios_xe | 3.14s_3.14.1s | |
cisco | ios_xe | 3.14s_3.14.2s | |
cisco | ios_xe | 3.14s_3.14.3s | |
cisco | ios_xe | 3.15s_3.15.0s | |
cisco | ios_xe | 3.15s_3.15.1cs | |
cisco | ios_xe | 3.15s_3.15.1s | |
cisco | ios_xe | 3.15s_3.15.2s | |
cisco | ios_xe | 3.16s_3.16.0cs | |
cisco | ios_xe | 3.16s_3.16.0s | |
cisco | ios_xe | 3.16s_3.16.1as | |
cisco | ios_xe | 3.16s_3.16.1s | |
netgear | jr6150_firmware | * | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.0xo:*:*:*:*:*:*:*", "matchCriteriaId": "1048CA2D-FFA2-4D44-8F2E-3ECFD7A97E55", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.1xo:*:*:*:*:*:*:*", "matchCriteriaId": "BFCA15E2-9FBC-49C7-BF47-7B749A11914B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.2xo:*:*:*:*:*:*:*", "matchCriteriaId": "F01AADBF-D870-4B75-9C34-82B534995C47", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.0e:*:*:*:*:*:*:*", "matchCriteriaId": "34C96C5E-C67E-42DB-A400-872C72723397", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.1e:*:*:*:*:*:*:*", "matchCriteriaId": "036EB6B4-3EBA-4AC2-A182-9402257E7D85", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.2e:*:*:*:*:*:*:*", "matchCriteriaId": "2AB451EE-C76B-405A-9AEF-28420E9D964D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.3e:*:*:*:*:*:*:*", "matchCriteriaId": "9D070F4E-0539-45C2-B5FC-486135DCA5B1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5s_3.5.0s:*:*:*:*:*:*:*", "matchCriteriaId": "D03DF484-5044-40A0-90D5-010A4EACB884", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5s_3.5.1s:*:*:*:*:*:*:*", "matchCriteriaId": "C06826A5-1E47-43F8-BA06-DCEE41B1D298", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5s_3.5.2s:*:*:*:*:*:*:*", "matchCriteriaId": "EF975D9D-126B-4E0B-BA5E-7E4A429275F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.0e:*:*:*:*:*:*:*", "matchCriteriaId": "46D09504-050B-477B-A77C-DC6FB356573C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.1e:*:*:*:*:*:*:*", "matchCriteriaId": "E7515382-E7F8-4309-89F7-D2A0CDBCFE14", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2ae:*:*:*:*:*:*:*", "matchCriteriaId": "4849EC40-FC9C-48A6-B0E1-F084737DC860", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2e:*:*:*:*:*:*:*", "matchCriteriaId": "1B217689-9550-4465-9252-95BB53B3165E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.3e:*:*:*:*:*:*:*", "matchCriteriaId": "5B662063-15FE-46A0-97D5-A10A8C44D2A4", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6s_3.6.0s:*:*:*:*:*:*:*", "matchCriteriaId": "33FADC21-F6C7-4D97-94C7-3552C3A5830E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6s_3.6.1s:*:*:*:*:*:*:*", "matchCriteriaId": "39FA1C3D-01CB-4E26-9F81-6F53B6195083", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6s_3.6.2s:*:*:*:*:*:*:*", "matchCriteriaId": "65CB65CA-4427-491D-BB64-A4D9D9EAE8D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.0e:*:*:*:*:*:*:*", "matchCriteriaId": "B5141179-58CC-42CC-B7C3-881E452BAF0E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.1e:*:*:*:*:*:*:*", "matchCriteriaId": "0F4F220A-ADA8-4D51-A41F-DC9607285940", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.2e:*:*:*:*:*:*:*", "matchCriteriaId": "21577E9B-D717-43EA-AB71-533BCDD1379D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.0s:*:*:*:*:*:*:*", "matchCriteriaId": "E677D95D-14DC-475D-978D-6E2A11FD7F8C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.1s:*:*:*:*:*:*:*", "matchCriteriaId": "5CE969A4-9810-42DF-A92C-CD488CEB1150", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.2s:*:*:*:*:*:*:*", "matchCriteriaId": "C2CEB4AE-C963-4E8D-923D-8940E93BE51C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.2ts:*:*:*:*:*:*:*", "matchCriteriaId": "61E4FE90-CADD-4A39-A343-8C688FA4EDE7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.3s:*:*:*:*:*:*:*", "matchCriteriaId": "48F5CB41-DC88-42D0-A7AD-F8DAA5386554", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.4as:*:*:*:*:*:*:*", "matchCriteriaId": "97399C68-252F-4B89-A20F-A15C5BC51DDC", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.4s:*:*:*:*:*:*:*", "matchCriteriaId": "6B648A93-E55B-487F-B6EE-2E97ED21BED7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.5s:*:*:*:*:*:*:*", "matchCriteriaId": "287DE66C-0EA8-4404-A42E-11776B3D7852", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.6s:*:*:*:*:*:*:*", "matchCriteriaId": "8D3F59AE-7E69-4694-AFBF-CE278B3BE32F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.7s:*:*:*:*:*:*:*", "matchCriteriaId": "A95E7272-57D4-4DCC-A3B1-82C477439177", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8e_3.8.0e:*:*:*:*:*:*:*", "matchCriteriaId": "0FFE5D14-0382-4BEB-988C-AC9982F8798F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8s_3.8.0s:*:*:*:*:*:*:*", "matchCriteriaId": "532A0CC6-614F-4690-A845-E4CB2C05AEE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8s_3.8.1s:*:*:*:*:*:*:*", "matchCriteriaId": "ED4A9A0A-3DB5-4BE4-B6F7-3BE491C4F973", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8s_3.8.2s:*:*:*:*:*:*:*", "matchCriteriaId": "23A5201B-747B-4525-8707-F097051AD0A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.0as:*:*:*:*:*:*:*", "matchCriteriaId": "3F66E1DA-94E4-4AEE-BCF6-022B8E966C65", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.0s:*:*:*:*:*:*:*", "matchCriteriaId": "43082336-50F9-49D2-91EF-823249F2366B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.1as:*:*:*:*:*:*:*", "matchCriteriaId": "FBD67821-EEBE-49D4-8AAB-4FF81370A976", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.1s:*:*:*:*:*:*:*", "matchCriteriaId": "7F2B3E54-746F-48B7-8DA4-4827BC450841", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.2s:*:*:*:*:*:*:*", "matchCriteriaId": "FE4657ED-003D-48C1-9744-56AA825C96AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.0s:*:*:*:*:*:*:*", "matchCriteriaId": "E659A9C2-4E00-45F3-8F70-D9E18CDEE8D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1s:*:*:*:*:*:*:*", "matchCriteriaId": "4B359E9A-65D2-447D-AA44-BEA158622923", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1xbs:*:*:*:*:*:*:*", "matchCriteriaId": "B217F6BD-D867-459A-AC5E-760F0BD36602", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2s:*:*:*:*:*:*:*", "matchCriteriaId": "8E1B040D-CE1A-41A3-B0E9-1AA0CFC29899", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.3s:*:*:*:*:*:*:*", "matchCriteriaId": "C2CE31EB-5B95-49EC-8955-0D47DDA344CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.4s:*:*:*:*:*:*:*", "matchCriteriaId": "FD279792-84E4-4E9C-9DBD-2E0689279981", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.5s:*:*:*:*:*:*:*", "matchCriteriaId": "67CF54E1-2890-4F70-81A1-04AFB98CC2BD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.6s:*:*:*:*:*:*:*", "matchCriteriaId": "137FCB00-9FD5-4C45-9DE4-EC4BB2679049", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.0s:*:*:*:*:*:*:*", "matchCriteriaId": "186A4D4A-5977-45BC-A054-72B20FA574FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.1s:*:*:*:*:*:*:*", "matchCriteriaId": "4DEF72D7-D889-4197-8469-A849050DE808", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.2s:*:*:*:*:*:*:*", "matchCriteriaId": "737754AA-C961-433E-B9D0-7C7ED0310F0A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.3s:*:*:*:*:*:*:*", "matchCriteriaId": "AFCFC44D-F618-457B-BD53-F09224F1C599", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.4s:*:*:*:*:*:*:*", "matchCriteriaId": "8BC5C495-4CFE-4126-A358-5E4B40D17CC2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.0s:*:*:*:*:*:*:*", "matchCriteriaId": "2C2BB58F-437A-4051-8FC4-C16CFD99AC12", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.1s:*:*:*:*:*:*:*", "matchCriteriaId": "348B6EB5-4DCF-41EA-BD36-C2A150F0F55C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.2s:*:*:*:*:*:*:*", "matchCriteriaId": "588F5074-C8F3-4D62-89BF-EE0E3945921E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.3s:*:*:*:*:*:*:*", "matchCriteriaId": "42D06EFA-5E74-4868-99DE-81278EA12119", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.4s:*:*:*:*:*:*:*", "matchCriteriaId": "7F16B0E5-30F9-4C2A-A492-F0EF522843A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0as:*:*:*:*:*:*:*", "matchCriteriaId": "73D0F3A6-14D7-4E83-A2E2-2D0FD545DD6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0s:*:*:*:*:*:*:*", "matchCriteriaId": "663B2239-BC08-4C0C-A16C-FA7CFD0B1F1C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.1s:*:*:*:*:*:*:*", "matchCriteriaId": "27806BF7-0971-4F71-A0CC-A9FADEF40F22", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.2as:*:*:*:*:*:*:*", "matchCriteriaId": "B6D9A836-B48E-4961-B51C-2014D2859922", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.2s:*:*:*:*:*:*:*", "matchCriteriaId": "AF0A7ED7-901B-4382-8666-E65A6880C756", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.3s:*:*:*:*:*:*:*", "matchCriteriaId": "DC8FBD67-6D74-44EB-A86D-DD8C98DA4998", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.4s:*:*:*:*:*:*:*", "matchCriteriaId": "42425169-F2EE-4157-9AA6-CF1B4FD12B72", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.0s:*:*:*:*:*:*:*", "matchCriteriaId": "3E1BE381-4C2A-45B1-9647-FB1581BF687A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.1s:*:*:*:*:*:*:*", "matchCriteriaId": "398B04EF-01AD-4C91-B141-0266886AEED2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.2s:*:*:*:*:*:*:*", "matchCriteriaId": "F103A8AB-E32B-487D-9640-5CBB33E0FF5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.3s:*:*:*:*:*:*:*", "matchCriteriaId": "FDA1DC5E-8504-4617-A1FC-86B3F912D556", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.0s:*:*:*:*:*:*:*", "matchCriteriaId": "26E62379-6C6E-4B50-97FF-6183F048750F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1cs:*:*:*:*:*:*:*", "matchCriteriaId": "6BEB3538-C2E0-4C44-ACE2-A022A118105F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1s:*:*:*:*:*:*:*", "matchCriteriaId": "FD1C0761-BC14-4FD7-B852-88EAB4E78F83", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.2s:*:*:*:*:*:*:*", "matchCriteriaId": "D9C5187C-C7E0-4446-B528-C5DE1AAB90ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.0cs:*:*:*:*:*:*:*", "matchCriteriaId": "70C6DF0C-DC72-43FD-AD44-563075885D7C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.0s:*:*:*:*:*:*:*", "matchCriteriaId": "6CB7CB45-0D3C-450F-A4F4-048D4266693B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.1as:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE8CE-B4E5-4E2F-81D9-3CCECAB234E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.1s:*:*:*:*:*:*:*", "matchCriteriaId": "13282A28-8990-4585-93E4-38384E1D174D", "vulnerable": true }, { "criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", "versionEndExcluding": "2017-01-06", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821." }, { "lang": "es", "value": "Cisco IOS 15.0 hasta la versi\u00f3n 15.5 y IOS XE 3.3 hasta la versi\u00f3n 3.16 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de un mensaje DHCPv6 Relay manipulado, tambi\u00e9n conocido como Bug ID CSCus55821." } ], "id": "CVE-2016-1348", "lastModified": "2024-11-21T02:46:13.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-26T01:59:02.200", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035381" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-06 23:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF89B320-6D5A-4E46-A1FA-FCDB31F325C4", "vulnerable": true }, { "criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", "versionEndExcluding": "2017-01-06", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:telepresence_server_7010:-:*:*:*:*:*:*:*", "matchCriteriaId": "983E3CC5-7B3A-467A-A482-0D19792CB55E", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*", "matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_310:-:*:*:*:*:*:*:*", "matchCriteriaId": "51463F95-8A40-47CC-A0FD-B8F0ED16C39F", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_on_multiparty_media_320:-:*:*:*:*:*:*:*", "matchCriteriaId": "7792A73D-C38F-44E6-A660-6CDB0955EC69", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:telepresence_server_on_virtual_machine:-:*:*:*:*:*:*:*", "matchCriteriaId": "18C16ABE-9BA2-4852-9B12-70BA6A1D50C2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348." }, { "lang": "es", "value": "Cisco TelePresence Server 3.1 sobre dispositivos 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 y 320 y Virtual Machine (VM) permite a atacantes remotos causar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de paquetes STUN mal formados, tambi\u00e9n conocido como Bug ID CSCuv01348." } ], "id": "CVE-2015-6312", "lastModified": "2024-11-21T02:34:45.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-06T23:59:00.113", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035500" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-26 01:59
Modified
2024-11-21 02:46
Severity ?
Summary
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ios_xe | 3.3s_3.3.0s | |
cisco | ios_xe | 3.3s_3.3.1s | |
cisco | ios_xe | 3.3s_3.3.2s | |
cisco | ios_xe | 3.3sg_3.3.0sg | |
cisco | ios_xe | 3.3sg_3.3.1sg | |
cisco | ios_xe | 3.3sg_3.3.2sg | |
cisco | ios_xe | 3.3xo_3.3.0xo | |
cisco | ios_xe | 3.3xo_3.3.1xo | |
cisco | ios_xe | 3.3xo_3.3.2xo | |
cisco | ios_xe | 3.4s_3.4.0as | |
cisco | ios_xe | 3.4s_3.4.0s | |
cisco | ios_xe | 3.4s_3.4.1s | |
cisco | ios_xe | 3.4s_3.4.2s | |
cisco | ios_xe | 3.4s_3.4.3s | |
cisco | ios_xe | 3.4s_3.4.4s | |
cisco | ios_xe | 3.4s_3.4.5s | |
cisco | ios_xe | 3.4s_3.4.6s | |
cisco | ios_xe | 3.4sg_3.4.0sg | |
cisco | ios_xe | 3.4sg_3.4.1sg | |
cisco | ios_xe | 3.4sg_3.4.2sg | |
cisco | ios_xe | 3.4sg_3.4.3sg | |
cisco | ios_xe | 3.4sg_3.4.4sg | |
cisco | ios_xe | 3.4sg_3.4.5sg | |
cisco | ios_xe | 3.4sg_3.4.6sg | |
cisco | ios_xe | 3.4sg_3.4.7sg | |
cisco | ios_xe | 3.5e_3.5.0e | |
cisco | ios_xe | 3.5e_3.5.1e | |
cisco | ios_xe | 3.5e_3.5.2e | |
cisco | ios_xe | 3.5e_3.5.3e | |
cisco | ios_xe | 3.5s_3.5.0s | |
cisco | ios_xe | 3.5s_3.5.1s | |
cisco | ios_xe | 3.5s_3.5.2s | |
cisco | ios_xe | 3.6e_3.6.0e | |
cisco | ios_xe | 3.6e_3.6.1e | |
cisco | ios_xe | 3.6e_3.6.2ae | |
cisco | ios_xe | 3.6e_3.6.2e | |
cisco | ios_xe | 3.6e_3.6.3e | |
cisco | ios_xe | 3.6s_3.6.0s | |
cisco | ios_xe | 3.6s_3.6.1s | |
cisco | ios_xe | 3.6s_3.6.2s | |
cisco | ios_xe | 3.7e_3.7.0e | |
cisco | ios_xe | 3.7e_3.7.1e | |
cisco | ios_xe | 3.7e_3.7.2e | |
cisco | ios_xe | 3.7e_3.7.3e | |
cisco | ios_xe | 3.7s_3.7.0s | |
cisco | ios_xe | 3.7s_3.7.1s | |
cisco | ios_xe | 3.7s_3.7.2s | |
cisco | ios_xe | 3.7s_3.7.2ts | |
cisco | ios_xe | 3.7s_3.7.3s | |
cisco | ios_xe | 3.7s_3.7.4as | |
cisco | ios_xe | 3.7s_3.7.4s | |
cisco | ios_xe | 3.7s_3.7.5s | |
cisco | ios_xe | 3.7s_3.7.6s | |
cisco | ios_xe | 3.7s_3.7.7s | |
cisco | ios_xe | 3.8e_3.8.0e | |
cisco | ios_xe | 3.8e_3.8.1e | |
cisco | ios_xe | 3.8s_3.8.0s | |
cisco | ios_xe | 3.8s_3.8.1s | |
cisco | ios_xe | 3.8s_3.8.2s | |
cisco | ios_xe | 3.9s_3.9.0as | |
cisco | ios_xe | 3.9s_3.9.0s | |
cisco | ios_xe | 3.9s_3.9.1as | |
cisco | ios_xe | 3.9s_3.9.1s | |
cisco | ios_xe | 3.9s_3.9.2s | |
cisco | ios_xe | 3.10s_3.10.0s | |
cisco | ios_xe | 3.10s_3.10.1s | |
cisco | ios_xe | 3.10s_3.10.1xbs | |
cisco | ios_xe | 3.10s_3.10.2s | |
cisco | ios_xe | 3.10s_3.10.3s | |
cisco | ios_xe | 3.10s_3.10.4s | |
cisco | ios_xe | 3.10s_3.10.5s | |
cisco | ios_xe | 3.10s_3.10.6s | |
cisco | ios_xe | 3.11s_3.11.0s | |
cisco | ios_xe | 3.11s_3.11.1s | |
cisco | ios_xe | 3.11s_3.11.2s | |
cisco | ios_xe | 3.11s_3.11.3s | |
cisco | ios_xe | 3.11s_3.11.4s | |
cisco | ios_xe | 3.12s_3.12.0s | |
cisco | ios_xe | 3.12s_3.12.1s | |
cisco | ios_xe | 3.12s_3.12.2s | |
cisco | ios_xe | 3.12s_3.12.3s | |
cisco | ios_xe | 3.12s_3.12.4s | |
cisco | ios_xe | 3.13s_3.13.0as | |
cisco | ios_xe | 3.13s_3.13.0s | |
cisco | ios_xe | 3.13s_3.13.1s | |
cisco | ios_xe | 3.13s_3.13.2as | |
cisco | ios_xe | 3.13s_3.13.2s | |
cisco | ios_xe | 3.13s_3.13.3s | |
cisco | ios_xe | 3.13s_3.13.4s | |
cisco | ios_xe | 3.14s_3.14.0s | |
cisco | ios_xe | 3.14s_3.14.1s | |
cisco | ios_xe | 3.14s_3.14.2s | |
cisco | ios_xe | 3.14s_3.14.3s | |
cisco | ios_xe | 3.15s_3.15.0s | |
cisco | ios_xe | 3.15s_3.15.1cs | |
cisco | ios_xe | 3.15s_3.15.1s | |
cisco | ios_xe | 3.15s_3.15.2s | |
cisco | ios_xe | 3.16s_3.16.0cs | |
cisco | ios_xe | 3.16s_3.16.0s | |
cisco | ios_xe | 3.16s_3.16.1as | |
cisco | ios_xe | 3.16s_3.16.1s | |
cisco | ios_xe | 3.17s_3.17.0s | |
lenovo | thinkcentre_e75s_firmware | * | |
netgear | jr6150_firmware | * | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3s_3.3.0s:*:*:*:*:*:*:*", "matchCriteriaId": "4AA80081-3BF8-4597-9815-7D8E65995341", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3s_3.3.1s:*:*:*:*:*:*:*", "matchCriteriaId": "F0CBBF2F-A0B8-4E13-A6FA-08C2598761B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3s_3.3.2s:*:*:*:*:*:*:*", "matchCriteriaId": "D7B194EA-312F-4DA7-9AF8-BC442D231421", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3sg_3.3.0sg:*:*:*:*:*:*:*", "matchCriteriaId": "60648A1F-00D2-4C9D-A9D0-2DA0C032D610", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3sg_3.3.1sg:*:*:*:*:*:*:*", "matchCriteriaId": "6F6A2321-0266-4396-8DBC-AE2A33D951F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3sg_3.3.2sg:*:*:*:*:*:*:*", "matchCriteriaId": "FE7BCA91-7AB6-4467-811E-D47120950F74", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.0xo:*:*:*:*:*:*:*", "matchCriteriaId": "1048CA2D-FFA2-4D44-8F2E-3ECFD7A97E55", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.1xo:*:*:*:*:*:*:*", "matchCriteriaId": "BFCA15E2-9FBC-49C7-BF47-7B749A11914B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.3xo_3.3.2xo:*:*:*:*:*:*:*", "matchCriteriaId": "F01AADBF-D870-4B75-9C34-82B534995C47", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.0as:*:*:*:*:*:*:*", "matchCriteriaId": "18C4FC67-6B33-44EA-86BA-5064160D6863", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.0s:*:*:*:*:*:*:*", "matchCriteriaId": "BEF19888-9CDE-4677-B65E-BF63BEC1FA16", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.1s:*:*:*:*:*:*:*", "matchCriteriaId": "1ACFC93D-CF49-45C6-8331-0BC8ACAE42E2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.2s:*:*:*:*:*:*:*", "matchCriteriaId": "5A71947E-5405-435F-8974-88619239715B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.3s:*:*:*:*:*:*:*", "matchCriteriaId": "7A890C08-C3D4-4BDE-9528-03A09F92E69F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.4s:*:*:*:*:*:*:*", "matchCriteriaId": "A5D100D8-4B49-472A-95FC-54C84B0D5353", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.5s:*:*:*:*:*:*:*", "matchCriteriaId": "BEDD36A8-E92E-433E-A63A-80DE5204D29B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4s_3.4.6s:*:*:*:*:*:*:*", "matchCriteriaId": "B92B67BE-FFB0-4621-B7DB-81B574734C13", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.0sg:*:*:*:*:*:*:*", "matchCriteriaId": "01851517-4ABD-4E4D-9A82-33DE7EDA323E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.1sg:*:*:*:*:*:*:*", "matchCriteriaId": "674C1E76-1C84-4595-97C2-B75D6656EDC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.2sg:*:*:*:*:*:*:*", "matchCriteriaId": "88DA0F1D-31AC-4E99-B268-7F8D62B525F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.3sg:*:*:*:*:*:*:*", "matchCriteriaId": "10205CB9-78AB-4AE5-9838-712F1B7A6DA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.4sg:*:*:*:*:*:*:*", "matchCriteriaId": "424C9ED4-D693-497F-A4BF-2DA878DC2F16", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.5sg:*:*:*:*:*:*:*", "matchCriteriaId": "A00F31FD-CCA2-4896-AFD1-324315B8A1DF", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.6sg:*:*:*:*:*:*:*", "matchCriteriaId": "91CBDE34-E903-42E7-8250-F9C464FF9358", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.4sg_3.4.7sg:*:*:*:*:*:*:*", "matchCriteriaId": "7085BDF4-E515-4A97-8537-F2DF7F0313B9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.0e:*:*:*:*:*:*:*", "matchCriteriaId": "34C96C5E-C67E-42DB-A400-872C72723397", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.1e:*:*:*:*:*:*:*", "matchCriteriaId": "036EB6B4-3EBA-4AC2-A182-9402257E7D85", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.2e:*:*:*:*:*:*:*", "matchCriteriaId": "2AB451EE-C76B-405A-9AEF-28420E9D964D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5e_3.5.3e:*:*:*:*:*:*:*", "matchCriteriaId": "9D070F4E-0539-45C2-B5FC-486135DCA5B1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5s_3.5.0s:*:*:*:*:*:*:*", "matchCriteriaId": "D03DF484-5044-40A0-90D5-010A4EACB884", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5s_3.5.1s:*:*:*:*:*:*:*", "matchCriteriaId": "C06826A5-1E47-43F8-BA06-DCEE41B1D298", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.5s_3.5.2s:*:*:*:*:*:*:*", "matchCriteriaId": "EF975D9D-126B-4E0B-BA5E-7E4A429275F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.0e:*:*:*:*:*:*:*", "matchCriteriaId": "46D09504-050B-477B-A77C-DC6FB356573C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.1e:*:*:*:*:*:*:*", "matchCriteriaId": "E7515382-E7F8-4309-89F7-D2A0CDBCFE14", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2ae:*:*:*:*:*:*:*", "matchCriteriaId": "4849EC40-FC9C-48A6-B0E1-F084737DC860", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.2e:*:*:*:*:*:*:*", "matchCriteriaId": "1B217689-9550-4465-9252-95BB53B3165E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6e_3.6.3e:*:*:*:*:*:*:*", "matchCriteriaId": "5B662063-15FE-46A0-97D5-A10A8C44D2A4", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6s_3.6.0s:*:*:*:*:*:*:*", "matchCriteriaId": "33FADC21-F6C7-4D97-94C7-3552C3A5830E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6s_3.6.1s:*:*:*:*:*:*:*", "matchCriteriaId": "39FA1C3D-01CB-4E26-9F81-6F53B6195083", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.6s_3.6.2s:*:*:*:*:*:*:*", "matchCriteriaId": "65CB65CA-4427-491D-BB64-A4D9D9EAE8D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.0e:*:*:*:*:*:*:*", "matchCriteriaId": "B5141179-58CC-42CC-B7C3-881E452BAF0E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.1e:*:*:*:*:*:*:*", "matchCriteriaId": "0F4F220A-ADA8-4D51-A41F-DC9607285940", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.2e:*:*:*:*:*:*:*", "matchCriteriaId": "21577E9B-D717-43EA-AB71-533BCDD1379D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7e_3.7.3e:*:*:*:*:*:*:*", "matchCriteriaId": "5925E09E-891F-468C-B7BA-42F2CC83003D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.0s:*:*:*:*:*:*:*", "matchCriteriaId": "E677D95D-14DC-475D-978D-6E2A11FD7F8C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.1s:*:*:*:*:*:*:*", "matchCriteriaId": "5CE969A4-9810-42DF-A92C-CD488CEB1150", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.2s:*:*:*:*:*:*:*", "matchCriteriaId": "C2CEB4AE-C963-4E8D-923D-8940E93BE51C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.2ts:*:*:*:*:*:*:*", "matchCriteriaId": "61E4FE90-CADD-4A39-A343-8C688FA4EDE7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.3s:*:*:*:*:*:*:*", "matchCriteriaId": "48F5CB41-DC88-42D0-A7AD-F8DAA5386554", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.4as:*:*:*:*:*:*:*", "matchCriteriaId": "97399C68-252F-4B89-A20F-A15C5BC51DDC", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.4s:*:*:*:*:*:*:*", "matchCriteriaId": "6B648A93-E55B-487F-B6EE-2E97ED21BED7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.5s:*:*:*:*:*:*:*", "matchCriteriaId": "287DE66C-0EA8-4404-A42E-11776B3D7852", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.6s:*:*:*:*:*:*:*", "matchCriteriaId": "8D3F59AE-7E69-4694-AFBF-CE278B3BE32F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.7s_3.7.7s:*:*:*:*:*:*:*", "matchCriteriaId": "A95E7272-57D4-4DCC-A3B1-82C477439177", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8e_3.8.0e:*:*:*:*:*:*:*", "matchCriteriaId": "0FFE5D14-0382-4BEB-988C-AC9982F8798F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8e_3.8.1e:*:*:*:*:*:*:*", "matchCriteriaId": "7C380CD5-653F-44D9-AE61-576C4B5C50C5", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8s_3.8.0s:*:*:*:*:*:*:*", "matchCriteriaId": "532A0CC6-614F-4690-A845-E4CB2C05AEE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8s_3.8.1s:*:*:*:*:*:*:*", "matchCriteriaId": "ED4A9A0A-3DB5-4BE4-B6F7-3BE491C4F973", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.8s_3.8.2s:*:*:*:*:*:*:*", "matchCriteriaId": "23A5201B-747B-4525-8707-F097051AD0A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.0as:*:*:*:*:*:*:*", "matchCriteriaId": "3F66E1DA-94E4-4AEE-BCF6-022B8E966C65", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.0s:*:*:*:*:*:*:*", "matchCriteriaId": "43082336-50F9-49D2-91EF-823249F2366B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.1as:*:*:*:*:*:*:*", "matchCriteriaId": "FBD67821-EEBE-49D4-8AAB-4FF81370A976", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.1s:*:*:*:*:*:*:*", "matchCriteriaId": "7F2B3E54-746F-48B7-8DA4-4827BC450841", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.9s_3.9.2s:*:*:*:*:*:*:*", "matchCriteriaId": "FE4657ED-003D-48C1-9744-56AA825C96AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.0s:*:*:*:*:*:*:*", "matchCriteriaId": "E659A9C2-4E00-45F3-8F70-D9E18CDEE8D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1s:*:*:*:*:*:*:*", "matchCriteriaId": "4B359E9A-65D2-447D-AA44-BEA158622923", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1xbs:*:*:*:*:*:*:*", "matchCriteriaId": "B217F6BD-D867-459A-AC5E-760F0BD36602", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2s:*:*:*:*:*:*:*", "matchCriteriaId": "8E1B040D-CE1A-41A3-B0E9-1AA0CFC29899", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.3s:*:*:*:*:*:*:*", "matchCriteriaId": "C2CE31EB-5B95-49EC-8955-0D47DDA344CA", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.4s:*:*:*:*:*:*:*", "matchCriteriaId": "FD279792-84E4-4E9C-9DBD-2E0689279981", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.5s:*:*:*:*:*:*:*", "matchCriteriaId": "67CF54E1-2890-4F70-81A1-04AFB98CC2BD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.6s:*:*:*:*:*:*:*", "matchCriteriaId": "137FCB00-9FD5-4C45-9DE4-EC4BB2679049", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.0s:*:*:*:*:*:*:*", "matchCriteriaId": "186A4D4A-5977-45BC-A054-72B20FA574FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.1s:*:*:*:*:*:*:*", "matchCriteriaId": "4DEF72D7-D889-4197-8469-A849050DE808", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.2s:*:*:*:*:*:*:*", "matchCriteriaId": "737754AA-C961-433E-B9D0-7C7ED0310F0A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.3s:*:*:*:*:*:*:*", "matchCriteriaId": "AFCFC44D-F618-457B-BD53-F09224F1C599", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.4s:*:*:*:*:*:*:*", "matchCriteriaId": "8BC5C495-4CFE-4126-A358-5E4B40D17CC2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.0s:*:*:*:*:*:*:*", "matchCriteriaId": "2C2BB58F-437A-4051-8FC4-C16CFD99AC12", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.1s:*:*:*:*:*:*:*", "matchCriteriaId": "348B6EB5-4DCF-41EA-BD36-C2A150F0F55C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.2s:*:*:*:*:*:*:*", "matchCriteriaId": "588F5074-C8F3-4D62-89BF-EE0E3945921E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.3s:*:*:*:*:*:*:*", "matchCriteriaId": "42D06EFA-5E74-4868-99DE-81278EA12119", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.12s_3.12.4s:*:*:*:*:*:*:*", "matchCriteriaId": "7F16B0E5-30F9-4C2A-A492-F0EF522843A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0as:*:*:*:*:*:*:*", "matchCriteriaId": "73D0F3A6-14D7-4E83-A2E2-2D0FD545DD6C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0s:*:*:*:*:*:*:*", "matchCriteriaId": "663B2239-BC08-4C0C-A16C-FA7CFD0B1F1C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.1s:*:*:*:*:*:*:*", "matchCriteriaId": "27806BF7-0971-4F71-A0CC-A9FADEF40F22", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.2as:*:*:*:*:*:*:*", "matchCriteriaId": "B6D9A836-B48E-4961-B51C-2014D2859922", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.2s:*:*:*:*:*:*:*", "matchCriteriaId": "AF0A7ED7-901B-4382-8666-E65A6880C756", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.3s:*:*:*:*:*:*:*", "matchCriteriaId": "DC8FBD67-6D74-44EB-A86D-DD8C98DA4998", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.4s:*:*:*:*:*:*:*", "matchCriteriaId": "42425169-F2EE-4157-9AA6-CF1B4FD12B72", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.0s:*:*:*:*:*:*:*", "matchCriteriaId": "3E1BE381-4C2A-45B1-9647-FB1581BF687A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.1s:*:*:*:*:*:*:*", "matchCriteriaId": "398B04EF-01AD-4C91-B141-0266886AEED2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.2s:*:*:*:*:*:*:*", "matchCriteriaId": "F103A8AB-E32B-487D-9640-5CBB33E0FF5A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.3s:*:*:*:*:*:*:*", "matchCriteriaId": "FDA1DC5E-8504-4617-A1FC-86B3F912D556", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.0s:*:*:*:*:*:*:*", "matchCriteriaId": "26E62379-6C6E-4B50-97FF-6183F048750F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1cs:*:*:*:*:*:*:*", "matchCriteriaId": "6BEB3538-C2E0-4C44-ACE2-A022A118105F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1s:*:*:*:*:*:*:*", "matchCriteriaId": "FD1C0761-BC14-4FD7-B852-88EAB4E78F83", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.2s:*:*:*:*:*:*:*", "matchCriteriaId": "D9C5187C-C7E0-4446-B528-C5DE1AAB90ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.0cs:*:*:*:*:*:*:*", "matchCriteriaId": "70C6DF0C-DC72-43FD-AD44-563075885D7C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.0s:*:*:*:*:*:*:*", "matchCriteriaId": "6CB7CB45-0D3C-450F-A4F4-048D4266693B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.1as:*:*:*:*:*:*:*", "matchCriteriaId": "ACDEE8CE-B4E5-4E2F-81D9-3CCECAB234E6", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.16s_3.16.1s:*:*:*:*:*:*:*", "matchCriteriaId": "13282A28-8990-4585-93E4-38384E1D174D", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:3.17s_3.17.0s:*:*:*:*:*:*:*", "matchCriteriaId": "749C67DC-E456-4230-A011-98E1E24BC1BE", "vulnerable": true }, { "criteria": "cpe:2.3:o:lenovo:thinkcentre_e75s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB40F09-336C-4FBB-9A58-9B4033FCE7B1", "versionEndExcluding": "m16kt61a", "vulnerable": true }, { "criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", "versionEndExcluding": "2017-01-06", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417." }, { "lang": "es", "value": "La implementaci\u00f3n de IKEv2 en Cisco IOS hasta la versi\u00f3n 15.6 y IOS XE 3.3 hasta la versi\u00f3n 3.17 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de paquetes fragmentados, tambi\u00e9n conocido como Bug ID CSCux38417." } ], "id": "CVE-2016-1344", "lastModified": "2024-11-21T02:46:13.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-26T01:59:01.247", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2" }, { "source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/85311" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035382" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/85311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035382" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24hp_firmware | * | |
zyxel | gs1900-24hp | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hp_firmware | * | |
zyxel | gs1900-48hp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5", "versionEndExcluding": "2.50\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B", "versionEndExcluding": "2.50\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76", "versionEndExcluding": "2.50\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB", "versionEndExcluding": "2.50\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35", "versionEndExcluding": "2.50\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07", "versionEndExcluding": "2.50\\(aahm.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2", "versionEndExcluding": "2.50\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5", "versionEndExcluding": "2.50\\(aaho.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. El firmware codifica y cifra las contrase\u00f1as con una clave criptogr\u00e1fica codificada en sal_util_str_encrypt () en libsal.so.0.0. Los par\u00e1metros (sal, IV y datos clave) se utilizan para cifrar y descifrar todas las contrase\u00f1as utilizando AES256 en modo CBC. Con los par\u00e1metros conocidos, se pueden descifrar todas las contrase\u00f1as previamente encriptadas. Esto incluye las contrase\u00f1as que forman parte de las copias de seguridad de la configuraci\u00f3n o que est\u00e1n integradas como parte del firmware." } ], "id": "CVE-2019-15802", "lastModified": "2024-11-21T04:29:29.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-14T21:15:11.797", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-31 16:59
Modified
2024-11-21 02:34
Severity ?
Summary
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
References
▼ | URL | Tags | |
---|---|---|---|
cret@cert.org | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp_firmware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value." }, { "lang": "es", "value": "Dispositivos Belkin F9K1102 2 con firmware 2.10.17 utilizan un algoritmo indebido para seleccionar el valor ID en la cabecera de una consulta DNS, lo que hace m\u00e1s f\u00e1cil para atacantes remotos falsificar respuestas prediciendo este valor." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/330.html\"\u003eCWE-330: Use of Insufficiently Random Values\u003c/a\u003e", "id": "CVE-2015-5987", "lastModified": "2024-11-21T02:34:14.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2015-12-31T16:59:01.033", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-02-07 11:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 | |
cisco | nexus_92160yc-x | - | |
cisco | nexus_92304qc | - | |
cisco | nexus_9236c | - | |
cisco | nexus_9272q | - | |
cisco | nexus_93108tc-ex | - | |
cisco | nexus_93120tx | - | |
cisco | nexus_93128tx | - | |
cisco | nexus_93180yc-ex | - | |
cisco | nexus_9332pq | - | |
cisco | nexus_9336pq_aci_spine | - | |
cisco | nexus_9372px | - | |
cisco | nexus_9372tx | - | |
cisco | nexus_9396px | - | |
cisco | nexus_9396tx | - | |
cisco | nexus_9504 | - | |
cisco | nexus_9508 | - | |
cisco | nexus_9516 | - | |
cisco | nx-os | base | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", "matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", "matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", "matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*", "matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", "matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", "matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:nx-os:base:*:*:*:*:*:*:*", "matchCriteriaId": "CFBAD221-BBD3-4BE6-974F-361C8E0FC6E2", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998." }, { "lang": "es", "value": "Dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software anterior a 1.0(3h) y 1.1 en versiones anteriores a 1.1(1j) y switches Nexus 9000 ACI Mode con software anterior a 11.0(3h) y 11.1 en versiones anteriores a 11.1(1j) permite a usuarios remotos autenticados eludir las restricciones destinadas RBAC a trav\u00e9s de peticiones REST manipuladas, tambi\u00e9n conocido como Bug ID CSCut12998." } ], "id": "CVE-2016-1302", "lastModified": "2024-11-21T02:46:08.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-02-07T11:59:01.943", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034925" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-11-12 02:15
Modified
2024-11-14 13:42
Severity ?
Summary
A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24ep_firmware | * | |
zyxel | gs1900-24ep | - | |
zyxel | gs1900-24hpv2_firmware | * | |
zyxel | gs1900-24hpv2 | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hpv2_firmware | * | |
zyxel | gs1900-48hpv2 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDB5D07E-AAA1-439D-BC5F-CE005D328FF6", "versionEndExcluding": "2.90\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C325177-8525-4E2F-9B81-EBA020E33619", "versionEndExcluding": "2.90\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECA64741-0758-4745-AC9A-961B6B01EA20", "versionEndExcluding": "2.90\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "808A3620-BCAA-4D27-898F-66A3115BC9BE", "versionEndExcluding": "2.90\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B91466E-3D14-4D3F-BAC8-A2AD013E4A1D", "versionEndExcluding": "2.90\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C670835A-A0FB-422B-8F42-8722A46E4A5C", "versionEndExcluding": "2.90\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A390C08B-2771-4C10-B25D-07F51A4D931A", "versionEndExcluding": "2.90\\(abto.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC00E9BF-64D5-409A-BE15-B9A01EA1C257", "versionEndExcluding": "2.90\\(abtp.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "631DAB84-4EF2-482E-A9D2-DAA39278B259", "versionEndExcluding": "2.90\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61819161-7A19-4438-8343-7936DE1D237C", "versionEndExcluding": "2.90\\(abtq.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier\u00a0could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL." }, { "lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el programa CGI en el firmware del conmutador Zyxel GS1900-48 versi\u00f3n V2.80(AAHN.1)C0 y anteriores podr\u00eda permitir que un atacante autenticado basado en LAN con privilegios de administrador provoque condiciones de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2024-8882", "lastModified": "2024-11-14T13:42:12.347", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Primary" } ] }, "published": "2024-11-12T02:15:19.160", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "security@zyxel.com.tw", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-31 16:59
Modified
2024-11-21 02:34
Severity ?
Summary
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
References
▼ | URL | Tags | |
---|---|---|---|
cret@cert.org | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp_firmware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values." }, { "lang": "es", "value": "Dispositivos Belkin F9K1102 2 con firmware 2.10.17 confia en el c\u00f3digo JavaScript del lado del cliente para autorizaci\u00f3n, lo que permite a atacantes remotos obtener privilegios administrativos a trav\u00e9s de ciertos cambios en los valores LockStatus y Login_Success." } ], "id": "CVE-2015-5989", "lastModified": "2024-11-21T02:34:15.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2015-12-31T16:59:03.250", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-02-07 11:59
Modified
2024-11-21 02:46
Severity ?
Summary
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 | |
zyxel | gs1900-10hp_firmware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085." }, { "lang": "es", "value": "El servidor Openfire en Cisco Finesse Desktop 10.5(1) y 11.0(1) y Unified Contact Center Express 10.6(1) tiene una cuenta embebida, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n XMPP, tambi\u00e9n conocido como Bug ID CSCuw79085." } ], "id": "CVE-2016-1307", "lastModified": "2024-11-21T02:46:09.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-02-07T11:59:03.880", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034920" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034920" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034921" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" }, { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-03 22:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * | |
cisco | nexus_5548p | - | |
cisco | nexus_5548up | - | |
cisco | nexus_5596t | - | |
cisco | nexus_5596up | - | |
cisco | nexus_56128p | - | |
cisco | nexus_5624q | - | |
cisco | nexus_5648q | - | |
cisco | nexus_5672up | - | |
cisco | nexus_5696q | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*", "matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*", "matchCriteriaId": "91B129B2-2B31-4DE0-9F83-CC6E0C8729A0", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CBD3CD0-B542-4B23-9C9D-061643BE44E8", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*", "matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645." }, { "lang": "es", "value": "Cisco NX-OS 7.1(1)N1(1) en dispositivos Nexus 5500, 5600 y 6000 no valida correctamente PDUs en paquetes SNMP, lo que permite a atancantes remotos causar una denegaci\u00f3n de servicio (reinicio de aplicaci\u00f3n SNMP) a trav\u00e9s de un paquetes manipulado, tambi\u00e9n conocido como Bug ID CSCut84645." } ], "id": "CVE-2015-6260", "lastModified": "2024-11-21T02:34:39.633", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-03T22:59:08.693", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035158" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-03 11:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | nexus_3048 | - | |
cisco | nexus_3064 | - | |
cisco | nexus_3064t | - | |
cisco | nexus_3064x | - | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 | |
cisco | nexus_3524 | - | |
cisco | nexus_3548 | - | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*", "matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F4E8EE4-031D-47D3-A12E-EE5F792172EE", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:*", "matchCriteriaId": "00CDD8C3-67D5-4E9F-9D48-A77B55DB0AB1", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", "matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800." }, { "lang": "es", "value": "Cisco NX-OS 6.0(2)U6(1) hasta la versi\u00f3n 6.0(2)U6(5) en dispositivos Nexus 3000 y 6.0(2)A6(1) hasta la versi\u00f3n 6.0(2)A6(5) y 6.0(2)A7(1) en dispositivos Nexus 3500 tiene credenciales embebidas, lo que permite a atacantes remotos obtener privilegios root a trav\u00e9s de una sesi\u00f3n (1) TELNET o (2) SSH, tambi\u00e9n conocida como Bug ID CSCuy25800." } ], "id": "CVE-2016-1329", "lastModified": "2024-11-21T02:46:11.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-03T11:59:00.117", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035161" }, { "source": "ykramarz@cisco.com", "url": "https://isc.sans.edu/forums/diary/20795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://isc.sans.edu/forums/diary/20795" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24hp_firmware | * | |
zyxel | gs1900-24hp | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hp_firmware | * | |
zyxel | gs1900-48hp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5", "versionEndExcluding": "2.50\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B", "versionEndExcluding": "2.50\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76", "versionEndExcluding": "2.50\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB", "versionEndExcluding": "2.50\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35", "versionEndExcluding": "2.50\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07", "versionEndExcluding": "2.50\\(aahm.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2", "versionEndExcluding": "2.50\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5", "versionEndExcluding": "2.50\\(aaho.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.)" }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a 2.50 (AAHH.0) C0. Debido a la falta de validaci\u00f3n de entrada en las funciones cmd_sys_traceroute_exec (), cmd_sys_arp_clear () y cmd_sys_ping_exec () en la biblioteca libclicmd.so contenida en el firmware, un atacante podr\u00eda aprovechar estas funciones para llamar al sistema () y ejecutar comandos arbitrarios en los conmutadores . (Tenga en cuenta que estas funciones no se invocan actualmente en esta versi\u00f3n del firmware, sin embargo, un atacante podr\u00eda usar otras vulnerabilidades para finalmente usar estas vulnerabilidades para obtener la ejecuci\u00f3n del c\u00f3digo)." } ], "id": "CVE-2019-15800", "lastModified": "2024-11-21T04:29:29.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-14T21:15:11.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24hp_firmware | * | |
zyxel | gs1900-24hp | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hp_firmware | * | |
zyxel | gs1900-48hp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5", "versionEndExcluding": "2.50\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B", "versionEndExcluding": "2.50\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76", "versionEndExcluding": "2.50\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB", "versionEndExcluding": "2.50\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35", "versionEndExcluding": "2.50\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07", "versionEndExcluding": "2.50\\(aahm.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2", "versionEndExcluding": "2.50\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5", "versionEndExcluding": "2.50\\(aaho.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. La imagen del firmware contiene contrase\u00f1as cifradas que se utilizan para autenticar a los usuarios que desean acceder a un men\u00fa de diagn\u00f3stico o recuperaci\u00f3n de contrase\u00f1a. Usando la clave criptogr\u00e1fica codificada que se encuentra en otra parte del firmware, estas contrase\u00f1as se pueden descifrar. Esto est\u00e1 relacionado con fds_sys_passDebugPasswd_ret () y fds_sys_passRecoveryPasswd_ret () en libfds.so.0.0." } ], "id": "CVE-2019-15801", "lastModified": "2024-11-21T04:29:29.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-14T21:15:11.750", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-798" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-03-03 22:59
Modified
2024-11-21 02:23
Severity ?
Summary
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_1i:*:*:*:*:*:*:*", "matchCriteriaId": "AB6F78F3-0C2E-4F0F-8D2E-31B67DB42472", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_1j:*:*:*:*:*:*:*", "matchCriteriaId": "A80A2C90-5B7C-4EC1-80A9-729A0F06031E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_1m:*:*:*:*:*:*:*", "matchCriteriaId": "65BC2A14-4A72-4758-BE17-CBF827569D86", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_3i:*:*:*:*:*:*:*", "matchCriteriaId": "0D1909BD-03D2-4F27-9072-4EB8261F19AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_3l:*:*:*:*:*:*:*", "matchCriteriaId": "0B9195CA-1339-4893-B8A4-971F4B925349", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_3m:*:*:*:*:*:*:*", "matchCriteriaId": "B7D87DEE-2CEC-463F-835A-1974B4C4F1E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_3q:*:*:*:*:*:*:*", "matchCriteriaId": "C1628CE3-1493-4C35-941D-8C3AA1044467", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_3s:*:*:*:*:*:*:*", "matchCriteriaId": "AE970756-5E04-4FAE-8589-AC68AA52EC85", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_3u:*:*:*:*:*:*:*", "matchCriteriaId": "781FF06A-3F99-4DC7-A79D-C8582E5C5FF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_3y:*:*:*:*:*:*:*", "matchCriteriaId": "8D3819FA-1AAE-48C6-9137-DACF35F820BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_4f:*:*:*:*:*:*:*", "matchCriteriaId": "F5557821-D83E-4D39-8499-A1503EDA13E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_4g:*:*:*:*:*:*:*", "matchCriteriaId": "259FC572-CAC3-4AC7-847E-8DADF58F6244", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_4i:*:*:*:*:*:*:*", "matchCriteriaId": "E99A5257-B675-43E8-AB96-9E8AE5C38770", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_4j:*:*:*:*:*:*:*", "matchCriteriaId": "FD515D92-4684-4C6A-B357-C0C1760332B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_4k:*:*:*:*:*:*:*", "matchCriteriaId": "52C9D48E-69BE-437C-AEAA-8087E7BDE01A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.4_4l:*:*:*:*:*:*:*", "matchCriteriaId": "F6FB1056-A8C0-498A-94DB-CF3D6B4B1952", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.5_base:*:*:*:*:*:*:*", "matchCriteriaId": "9673825E-FA14-4E70-8B5C-A6978E78C2C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:1.6_base:*:*:*:*:*:*:*", "matchCriteriaId": "38CBE00C-943C-4370-9E94-18B2A59384FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_1q:*:*:*:*:*:*:*", "matchCriteriaId": "45D47062-3D36-44B3-A03F-E716CA28E490", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_1s:*:*:*:*:*:*:*", "matchCriteriaId": "8DCAE42A-01E0-4120-93B6-6C65C3CC5840", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_1t:*:*:*:*:*:*:*", "matchCriteriaId": "037BF8C3-352F-413F-81B3-F982979F1D76", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_1w:*:*:*:*:*:*:*", "matchCriteriaId": "5C9ED255-9107-4408-9594-9DAB32DEB793", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_1x:*:*:*:*:*:*:*", "matchCriteriaId": "9E6A1EF9-2AD6-4592-B9B2-68B7D31818EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_2m:*:*:*:*:*:*:*", "matchCriteriaId": "208A941A-6D38-4A87-BC9C-08533CC5A345", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_2q:*:*:*:*:*:*:*", "matchCriteriaId": "70287DD2-D08B-4651-B919-98132083955E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_2r:*:*:*:*:*:*:*", "matchCriteriaId": "C509B7EC-3249-4F81-A84F-07A591A7607D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_3a:*:*:*:*:*:*:*", "matchCriteriaId": "5ADB38CA-107C-4B25-A3F4-481BD40E2B13", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_3b:*:*:*:*:*:*:*", "matchCriteriaId": "1914FC5D-F732-45D1-B743-C001FC097C45", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_3c:*:*:*:*:*:*:*", "matchCriteriaId": "05A47393-B4EC-4463-A3C8-18DA544180BB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_4a:*:*:*:*:*:*:*", "matchCriteriaId": "1FAC5FB0-D5A7-4C94-A3EA-945AE98BA06E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_4b:*:*:*:*:*:*:*", "matchCriteriaId": "6C875EC7-6B52-4CA8-9114-94B643C8B6CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_4d:*:*:*:*:*:*:*", "matchCriteriaId": "ACF61A3E-628A-4B44-96B7-7FC287012A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_5a:*:*:*:*:*:*:*", "matchCriteriaId": "C5E85B5F-34DA-4AB8-B024-67356622753F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_5b:*:*:*:*:*:*:*", "matchCriteriaId": "44454A17-1A9A-4C9B-8B3D-09B4FEA57EC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_5c:*:*:*:*:*:*:*", "matchCriteriaId": "A1433216-CD80-4592-88A9-F77609E6A2D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_5d:*:*:*:*:*:*:*", "matchCriteriaId": "5C864C5B-71C7-40F9-87E4-38C40B403062", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_5e:*:*:*:*:*:*:*", "matchCriteriaId": "700023BC-C599-48B8-9270-9F9FEF5226A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.0_5f:*:*:*:*:*:*:*", "matchCriteriaId": "E95DC7AD-6FAB-452B-B28D-897B0A54A8A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_1a:*:*:*:*:*:*:*", "matchCriteriaId": "4C450C35-F3AE-4764-B526-C8AC72ACE23D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_1b:*:*:*:*:*:*:*", "matchCriteriaId": "7163742C-2D4A-4B9A-A5F0-9EE7C0EDEECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_1d:*:*:*:*:*:*:*", "matchCriteriaId": "936C4011-EA09-49D3-B691-0BA723B0A12A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_1e:*:*:*:*:*:*:*", "matchCriteriaId": "34A654BC-1438-47B6-8003-8B26BCC5609D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_1f:*:*:*:*:*:*:*", "matchCriteriaId": "15FCBDCA-F7AF-4AB7-9969-03C4B54708CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_2a:*:*:*:*:*:*:*", "matchCriteriaId": "6B636D4C-EEE2-4DE2-A0BE-D027F2685596", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_2c:*:*:*:*:*:*:*", "matchCriteriaId": "FB26588E-4BDE-404B-B260-97409CBA5484", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_2d:*:*:*:*:*:*:*", "matchCriteriaId": "F9E36183-43A7-4F1E-AA0F-6B4F7DC508A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_3a:*:*:*:*:*:*:*", "matchCriteriaId": "83BE0150-A046-4471-A8DC-84B452D48E23", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_3b:*:*:*:*:*:*:*", "matchCriteriaId": "291162BE-4233-4BA5-B8B0-6AF52D2D82F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_3c:*:*:*:*:*:*:*", "matchCriteriaId": "0A806750-804B-4B95-A627-6FE9F438502F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_3d:*:*:*:*:*:*:*", "matchCriteriaId": "BDAEBA25-BA6E-4E5C-8602-1AFD5211148B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_3e:*:*:*:*:*:*:*", "matchCriteriaId": "2D3447A9-A5F4-4B5C-A9EE-512EBD902AC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.1_3f:*:*:*:*:*:*:*", "matchCriteriaId": "E222E1CA-7A13-42BC-ADC7-C2435A7111D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2_1b:*:*:*:*:*:*:*", "matchCriteriaId": "BC205C79-0841-4AB3-8DAE-D01813615DF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2_1c:*:*:*:*:*:*:*", "matchCriteriaId": "97261FA3-E148-430A-B019-1CC2D8C3732F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2_1d:*:*:*:*:*:*:*", "matchCriteriaId": "50D20009-880B-470E-84DF-20E8A0795E3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2_1e:*:*:*:*:*:*:*", "matchCriteriaId": "E15905A8-2BC7-4A5D-8C93-9FC703F0B705", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2_2c:*:*:*:*:*:*:*", "matchCriteriaId": "6A3BEF89-20FC-4BB6-B1BC-3795235ED998", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2_2d:*:*:*:*:*:*:*", "matchCriteriaId": "1E8BBA0E-5CD3-4F83-B664-8C235548A233", "vulnerable": true }, { "criteria": "cpe:2.3:a:cisco:unified_computing_system:2.2_2e:*:*:*:*:*:*:*", "matchCriteriaId": "FB74768A-D3C9-4D47-8F3E-850855EBB5D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:nx-os:base:*:*:*:*:*:*:*", "matchCriteriaId": "CFBAD221-BBD3-4BE6-974F-361C8E0FC6E2", "vulnerable": true }, { "criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", "versionEndExcluding": "2017-01-06", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579." }, { "lang": "es", "value": "Cisco NX-OS 4.0 hasta la versi\u00f3n 6.1 en dispositivos Nexus 1000V 3000, 4000, 5000, 6000 y 7000 y plataformas Unified Computing System (UCS) permite a atancantes remotos causar una denegaci\u00f3n de servicio (recarga de pila TCP) mediante el env\u00edo de paquetes TCP manipulados a un dispositivo que tenga una sesi\u00f3n TIME_WAIT TCP, tambi\u00e9n conocido como Bug ID CSCub70579." } ], "id": "CVE-2015-0718", "lastModified": "2024-11-21T02:23:35.747", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-03-03T22:59:02.707", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035159" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035160" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-02-07 11:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512." }, { "lang": "es", "value": "Switches Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode con software anterior a 11.0(1c) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de un paquete IPv4 ICMP con la opci\u00f3n IP Record Route, tambi\u00e9n conocido como Bug ID CSCuq57512." } ], "id": "CVE-2015-6398", "lastModified": "2024-11-21T02:34:55.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-02-07T11:59:00.100", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034928" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-02-09 03:59
Modified
2024-11-21 02:46
Severity ?
Summary
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sun | opensolaris | snv_124 | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
sun | opensolaris | snv_124 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 | |
zzinc | keymouse_firmware | 3.08 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:*", "matchCriteriaId": "09B35C0E-6CBA-4B6B-BCD2-F5CC0BF8CF53", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM \u0026 Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958." }, { "lang": "es", "value": "Cisco Unified Communications Manager (tambi\u00e9n conocido como CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1) y 11.0(1.10000.10); Unified Communications Manager IM \u0026 Presence Service 10.5(2); Unified Contact Center Express 11.0(1); y Unity Connection 10.5(2) almacena una clave de cifrado en texto plano, que permite a usuarios locales obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuv85958." } ], "id": "CVE-2016-1319", "lastModified": "2024-11-21T02:46:10.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-02-09T03:59:03.320", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034958" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034959" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034958" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034960" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-30 11:15
Modified
2025-01-10 18:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version
V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | 2.70\(aahh.3\) | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | 2.70\(aahi.3\) | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | 2.70\(aazi.3\) | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | 2.70\(aahj.3\) | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24_firmware | 2.70\(aahl.3\) | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24e_firmware | 2.70\(aahk.3\) | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24ep_firmware | 2.70\(abto.3\) | |
zyxel | gs1900-24ep | - | |
zyxel | gs1900-24hpv2_firmware | 2.70\(abtp.3\) | |
zyxel | gs1900-24hpv2 | - | |
zyxel | gs1900-48_firmware | 2.70\(aahn.3\) | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hpv2_firmware | 2.70\(abtq.3\) | |
zyxel | gs1900-48hpv2 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:2.70\\(aahh.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "527D0BFB-F841-4DCE-8E00-16323FC46996", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70\\(aahi.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "4AA6A7D0-96D8-4949-8DD8-47EE58E2ECE0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70\\(aazi.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "E2C468E7-4D3F-4BDB-9CAE-A63D2A931E04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:2.70\\(aahj.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "D131CC71-786E-435A-8D38-AEEEC2550EEF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:2.70\\(aahl.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "1A4D69A3-AD61-4FCA-B413-916ABFE1947E", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70\\(aahk.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "2160CDCE-C645-4AEF-9197-54172C0BBE9A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70\\(abto.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "3DD99781-1BB0-40E0-A5AE-3529F2C47042", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70\\(abtp.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "7B528417-3E19-4E00-A682-AFCD87D96D8B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:2.70\\(aahn.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "E4B3AE8C-CDC7-45F3-97CA-F5C2EE6B9D03", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70\\(abtq.3\\):*:*:*:*:*:*:*", "matchCriteriaId": "309BFD9B-C152-4E8D-8E4A-FBDC65F17184", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version \n\nV2.70(AAHH.3)\u00a0and the GS1900-8HP firmware version\u00a0V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as \u0027root\u0027 on a vulnerable device via SSH." } ], "id": "CVE-2022-45853", "lastModified": "2025-01-10T18:15:14.623", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-30T11:15:09.237", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "security@zyxel.com.tw", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-06 23:59
Modified
2024-11-21 02:46
Severity ?
Summary
The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dell | emc_powerscale_onefs | 8.2.2 | |
netgear | jr6150_firmware | * | |
samsung | x14j_firmware | t-ms14jakucb-1102.5 | |
zyxel | gs1900-10hp_firmware | * | |
zzinc | keymouse_firmware | 3.08 | |
cisco | telepresence_server_mse_8710 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FF89B320-6D5A-4E46-A1FA-FCDB31F325C4", "vulnerable": true }, { "criteria": "cpe:2.3:o:netgear:jr6150_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AF8ACF6-2BDF-49C2-B92F-2207D83664BF", "versionEndExcluding": "2017-01-06", "vulnerable": true }, { "criteria": "cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:*", "matchCriteriaId": "3A5867B4-EC19-45D4-87BE-867E1D41ECD5", "vulnerable": true }, { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true }, { "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*", "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:telepresence_server_mse_8710:-:*:*:*:*:*:*:*", "matchCriteriaId": "411829A8-56C6-4851-8063-97F03C7B66B2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673." }, { "lang": "es", "value": "El kernel en Cisco TelePresence Server 3.0 hasta la versi\u00f3n 4.2(4.18) en dispositivos Mobility Services Engine (MSE) 8710 permite a atacantes remotos causar una denegaci\u00f3n de servicio (p\u00e1nico y reinicio) a trav\u00e9s de una secuencia de paquetes IPv6 manipulada, tambi\u00e9n conocido como Bug ID CSCuu46673." } ], "id": "CVE-2016-1346", "lastModified": "2024-11-21T02:46:13.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-06T23:59:13.740", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts" }, { "source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035499" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-31 16:59
Modified
2024-11-21 02:34
Severity ?
Summary
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
References
▼ | URL | Tags | |
---|---|---|---|
cret@cert.org | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp_firmware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session." }, { "lang": "es", "value": "La interfaz de gesti\u00f3n web en dispositivos Belkin F9K1102 2 con firmware 2.10.17 tiene una contrase\u00f1a en blanco, lo que permite a atacantes remotos obtener privilegios administrativos aprovechando una sesi\u00f3n LAN." } ], "id": "CVE-2015-5988", "lastModified": "2024-11-21T02:34:15.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2015-12-31T16:59:02.000", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://vimeo.com/354726424 | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://vimeo.com/354726424 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24hp_firmware | * | |
zyxel | gs1900-24hp | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hp_firmware | * | |
zyxel | gs1900-48hp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5", "versionEndExcluding": "2.50\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B", "versionEndExcluding": "2.50\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76", "versionEndExcluding": "2.50\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB", "versionEndExcluding": "2.50\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35", "versionEndExcluding": "2.50\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07", "versionEndExcluding": "2.50\\(aahm.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2", "versionEndExcluding": "2.50\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5", "versionEndExcluding": "2.50\\(aaho.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a la versi\u00f3n 2.50 (AAHH.0) C0. Las cuentas de usuario creadas a trav\u00e9s de la interfaz web del dispositivo, cuando se les otorgan privilegios de nivel no administrativo, tienen el mismo nivel de acceso privilegiado que los administradores cuando se conectan al dispositivo a trav\u00e9s de SSH (mientras que sus permisos a trav\u00e9s de la interfaz web est\u00e1n de hecho restringidos). Esto permite a los usuarios normales obtener la contrase\u00f1a administrativa ejecutando el comando de soporte t\u00e9cnico a trav\u00e9s de la CLI: contiene las contrase\u00f1as cifradas para todos los usuarios en el dispositivo. Como estas contrase\u00f1as se cifran con par\u00e1metros conocidos y est\u00e1ticos, se pueden descifrar y se pueden obtener las contrase\u00f1as originales (incluida la contrase\u00f1a del administrador)." } ], "id": "CVE-2019-15799", "lastModified": "2024-11-21T04:29:29.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-14T21:15:11.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://vimeo.com/354726424" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://vimeo.com/354726424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-12-31 16:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users.
References
▼ | URL | Tags | |
---|---|---|---|
cret@cert.org | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/201168 | Third Party Advisory, US Government Resource |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp_firmware | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en dispositivos Belkin F9K1102 2 con firmware 2.10.17 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios" } ], "id": "CVE-2015-5990", "lastModified": "2024-11-21T02:34:15.293", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2015-12-31T16:59:04.220", "references": [ { "source": "cret@cert.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/201168" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-11-12 02:15
Modified
2024-11-14 13:51
Severity ?
Summary
A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24ep_firmware | * | |
zyxel | gs1900-24ep | - | |
zyxel | gs1900-24hpv2_firmware | * | |
zyxel | gs1900-24hpv2 | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hpv2_firmware | * | |
zyxel | gs1900-48hpv2 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDB5D07E-AAA1-439D-BC5F-CE005D328FF6", "versionEndExcluding": "2.90\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C325177-8525-4E2F-9B81-EBA020E33619", "versionEndExcluding": "2.90\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECA64741-0758-4745-AC9A-961B6B01EA20", "versionEndExcluding": "2.90\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "808A3620-BCAA-4D27-898F-66A3115BC9BE", "versionEndExcluding": "2.90\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B91466E-3D14-4D3F-BAC8-A2AD013E4A1D", "versionEndExcluding": "2.90\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C670835A-A0FB-422B-8F42-8722A46E4A5C", "versionEndExcluding": "2.90\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A390C08B-2771-4C10-B25D-07F51A4D931A", "versionEndExcluding": "2.90\\(abto.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC00E9BF-64D5-409A-BE15-B9A01EA1C257", "versionEndExcluding": "2.90\\(abtp.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "631DAB84-4EF2-482E-A9D2-DAA39278B259", "versionEndExcluding": "2.90\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61819161-7A19-4438-8343-7936DE1D237C", "versionEndExcluding": "2.90\\(abtq.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos posterior a la autenticaci\u00f3n en el programa CGI en el firmware del conmutador Zyxel GS1900-48 versi\u00f3n V2.80(AAHN.1)C0 y anteriores podr\u00eda permitir que un atacante autenticado basado en LAN con privilegios de administrador ejecute algunos comandos del sistema operativo (OS) en un dispositivo afectado mediante el env\u00edo de una solicitud HTTP manipulada." } ], "id": "CVE-2024-8881", "lastModified": "2024-11-14T13:51:11.257", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Primary" } ] }, "published": "2024-11-12T02:15:18.817", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-and-buffer-overflow-vulnerabilities-in-gs1900-series-switches-11-12-2024" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "security@zyxel.com.tw", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-14 21:15
Modified
2024-11-21 04:29
Severity ?
Summary
An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-24hp_firmware | * | |
zyxel | gs1900-24hp | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-48hp_firmware | * | |
zyxel | gs1900-48hp | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5428A26-563D-47A7-A771-D6F20775EDF5", "versionEndExcluding": "2.50\\(aahh.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E6DB241-5659-414E-856E-C5D790D07F8B", "versionEndExcluding": "2.50\\(aahi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E", "versionEndExcluding": "2.50\\(aazi.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52D51F8F-8BCB-4571-A782-264B71C7CD76", "versionEndExcluding": "2.50\\(aahj.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3687A400-9D7F-453A-88D7-C87B85B6E4EB", "versionEndExcluding": "2.50\\(aahk.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6733BECF-F9A3-4748-8A96-DFB10A670C35", "versionEndExcluding": "2.50\\(aahl.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D3A3C5E-2027-40EE-A9EF-983474E9DC07", "versionEndExcluding": "2.50\\(aahm.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "74B1D264-99AC-4AA8-955C-602F2DA5B885", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D88D78-F7C9-45BB-8E47-2BD24B8616B2", "versionEndExcluding": "2.50\\(aahn.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6EA6D9E-B5D4-4043-90C5-409B5875A3B5", "versionEndExcluding": "2.50\\(aaho.0\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "566A9E8C-AF55-4331-B9B0-F65EB900B0BE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Zyxel GS1900 con firmware anterior a 2.50(AAHH.0)C0. Mediante el envi\u00f3 de una se\u00f1al al proceso de la CLI, una funcionalidad no documentada es activada. Espec\u00edficamente, se puede activar un men\u00fa mediante el env\u00edo de la se\u00f1al SIGQUIT a la aplicaci\u00f3n de la CLI (por ejemplo, por medio de CTRL+\\ v\u00eda SSH). La comprobaci\u00f3n del control de acceso para este men\u00fa opera y proh\u00edbe acceder al men\u00fa, que contiene las opciones de \"Password recovery for specific user\". Se cree que es posible acceder al men\u00fa usando una consola en serie." } ], "id": "CVE-2019-15804", "lastModified": "2024-11-21T04:29:30.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-14T21:15:11.953", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-09-10 02:15
Modified
2024-09-18 18:23
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
zyxel | gs1900-48hpv2_firmware | * | |
zyxel | gs1900-48hpv2 | - | |
zyxel | gs1900-48_firmware | * | |
zyxel | gs1900-48 | - | |
zyxel | gs1900-24hpv2_firmware | * | |
zyxel | gs1900-24hpv2 | - | |
zyxel | gs1900-24ep_firmware | * | |
zyxel | gs1900-24ep | - | |
zyxel | gs1900-24e_firmware | * | |
zyxel | gs1900-24e | - | |
zyxel | gs1900-24_firmware | * | |
zyxel | gs1900-24 | - | |
zyxel | gs1900-16_firmware | * | |
zyxel | gs1900-16 | - | |
zyxel | gs1900-10hp_firmware | * | |
zyxel | gs1900-10hp | - | |
zyxel | gs1900-8hp_firmware | * | |
zyxel | gs1900-8hp | - | |
zyxel | gs1900-8_firmware | * | |
zyxel | gs1900-8 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACACFF77-1C3D-4DBA-A179-500B5602ED46", "versionEndExcluding": "2.80\\(abtq.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC74C679-6D22-47E4-AE8A-2647B1AA4276", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-48_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2E6F4E-9DA0-4AFB-B4A3-7C3E611DA2FA", "versionEndExcluding": "2.80\\(aahn.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFB7D4BF-7D17-48D3-990D-4BADAC8BD868", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3539C1D-6C16-4DFB-A601-F5346071F4D7", "versionEndExcluding": "2.80\\(abtp.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*", "matchCriteriaId": "512D9A91-8DA7-47F1-AC77-AF743F99BFF3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24ep_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF16626B-7BBE-4BFF-A60E-02B0B1243217", "versionEndExcluding": "2.80\\(abto.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*", "matchCriteriaId": "B22AA8B1-11E2-408F-A1F6-0F8AF32AB131", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8AE67A4-4CCE-4E95-840D-CB6F4F6FB00F", "versionEndIncluding": "2.80\\(aahk.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6456AD6-8A1D-4D3D-AC1A-ABE442242B1B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-24_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "441A359C-A00E-4B96-A321-F769259871B7", "versionEndIncluding": "2.80\\(aahl.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4F55299-70D5-4CE1-A1EC-D79B469B94F7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A657FCE5-BA80-4E22-934A-3B632A9200D7", "versionEndExcluding": "2.80\\(aahj.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*", "matchCriteriaId": "5078F7A5-D03B-4D3A-9C19-57DFF4D6BF7A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4503BD65-51A5-4626-9076-021E6F7DF0B8", "versionEndExcluding": "2.80\\(aazi.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "89201505-07AF-4F9C-9304-46F2707DB9B4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "96F5E646-4DFD-4476-9D8B-9A8919C1F261", "versionEndExcluding": "2.80\\(aahi.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "27602862-EFB7-402B-994E-254A0B210820", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:zyxel:gs1900-8_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "87482A53-9933-4A0B-9831-F16AF9CBFB46", "versionEndExcluding": "2.80\\(aahh.1\\)c0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*", "matchCriteriaId": "51D33F50-B5A4-4AEF-972C-7FF089C21D52", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This vulnerability could allow a LAN-based attacker a slight chance to gain a valid session token if multiple authenticated sessions are alive." }, { "lang": "es", "value": "Existe una vulnerabilidad de entrop\u00eda insuficiente causada por el uso indebido de una funci\u00f3n de aleatoriedad con baja entrop\u00eda para la generaci\u00f3n de tokens de autenticaci\u00f3n web en la versi\u00f3n de firmware V2.80(AAZI.0)C0 de Zyxel GS1900-10HP. Esta vulnerabilidad podr\u00eda permitir que un atacante basado en LAN tenga una peque\u00f1a posibilidad de obtener un token de sesi\u00f3n v\u00e1lido si hay varias sesiones autenticadas activas." } ], "id": "CVE-2024-38270", "lastModified": "2024-09-18T18:23:40.977", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-09-10T02:15:09.780", "references": [ { "source": "security@zyxel.com.tw", "tags": [ "Vendor Advisory" ], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficient-entropy-vulnerability-for-web-authentication-tokens-generation-in-gs1900-series-switches-09-10-2024" } ], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-331" } ], "source": "security@zyxel.com.tw", "type": "Primary" } ] }