All the vulnerabilites related to cisco - network_services_orchestrator
cve-2018-0463
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-11-26 14:39
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Network Services Orchestrator |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:53:26.786615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:39:29.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-05T13:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
],
"source": {
"advisory": "cisco-sa-20180905-nso-infodis",
"defect": [
[
"CSCvj50567",
"CSCvk74975"
]
],
"discovery": "UNKNOWN"
},
"title": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-05T16:00:00-0500",
"ID": "CVE-2018-0463",
"STATE": "PUBLIC",
"TITLE": "Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180905 Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
]
},
"source": {
"advisory": "cisco-sa-20180905-nso-infodis",
"defect": [
[
"CSCvj50567",
"CSCvk74975"
]
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0463",
"datePublished": "2018-10-05T14:00:00Z",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-26T14:39:29.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-1572
Vulnerability from cvelistv5
Published
2021-08-04 17:20
Modified
2024-11-07 22:05
Severity ?
EPSS score ?
Summary
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT | vendor-advisory, x_refsource_CISCO | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4 | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco ConfD |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:43:30.758700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T22:05:00.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ConfD",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-11T18:18:19",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
],
"source": {
"advisory": "cisco-sa-confd-priv-esc-LsGtCRx4",
"defect": [
[
"CSCvy43896"
]
],
"discovery": "INTERNAL"
},
"title": "ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-08-04T16:00:00",
"ID": "CVE-2021-1572",
"STATE": "PUBLIC",
"TITLE": "ConfD CLI Secure Shell Server Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco ConfD",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210804 Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"name": "20210804 ConfD CLI Secure Shell Server Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
}
]
},
"source": {
"advisory": "cisco-sa-confd-priv-esc-LsGtCRx4",
"defect": [
[
"CSCvy43896"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1572",
"datePublished": "2021-08-04T17:20:09.937016Z",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-11-07T22:05:00.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3362
Vulnerability from cvelistv5
Published
2020-06-18 02:17
Modified
2024-11-15 17:00
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Network Services Orchestrator |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:27:34.268033Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:00:53.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-18T02:17:13",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
],
"source": {
"advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq",
"defect": [
[
"CSCvu17597"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-06-17T16:00:00",
"ID": "CVE-2020-3362",
"STATE": "PUBLIC",
"TITLE": "Cisco Network Services Orchestrator Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.7",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200617 Cisco Network Services Orchestrator Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
]
},
"source": {
"advisory": "cisco-sa-nso-info-disclosure-WdNvBTNq",
"defect": [
[
"CSCvu17597"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3362",
"datePublished": "2020-06-18T02:17:13.303988Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:00:53.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0274
Vulnerability from cvelistv5
Published
2018-06-07 12:00
Modified
2024-11-29 15:06
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104449 | vdb-entry, x_refsource_BID | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Cisco Network Services Orchestrator unknown |
Version: Cisco Network Services Orchestrator unknown |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:21:15.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-0274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T14:42:37.539097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T15:06:59.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator unknown",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Network Services Orchestrator unknown"
}
]
}
],
"datePublic": "2018-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-14T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "104449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator unknown",
"version": {
"version_data": [
{
"version_value": "Cisco Network Services Orchestrator unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104449"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-0274",
"datePublished": "2018-06-07T12:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-11-29T15:06:59.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-20381
Vulnerability from cvelistv5
Published
2024-09-11 16:38
Modified
2024-09-27 13:58
Severity ?
EPSS score ?
Summary
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.
This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system.
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.29 Version: 6.5.1 Version: 6.6.1 Version: 6.5.2 Version: 6.5.92 Version: 6.5.15 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.5.26 Version: 6.6.11 Version: 6.5.25 Version: 6.5.28 Version: 6.5.93 Version: 6.6.12 Version: 6.5.90 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 6.6.4 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 6.5.31 Version: 7.3.15 Version: 7.3.16 Version: 6.8.1 Version: 7.4.15 Version: 6.5.32 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.8.12 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.3.4 Version: 7.4.2 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 6.5.33 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.5.52 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "network_services_orchestrator",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_rv_series_router_firmware",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.0.01.17"
},
{
"status": "affected",
"version": "1.0.03.17"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T03:55:16.289362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T13:58:21.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.29"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.15"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.5.26"
},
{
"status": "affected",
"version": "6.6.11"
},
{
"status": "affected",
"version": "6.5.25"
},
{
"status": "affected",
"version": "6.5.28"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "6.6.12"
},
{
"status": "affected",
"version": "6.5.90"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "6.5.31"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "6.5.32"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.8.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "6.5.33"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.5.52"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "5.4.1"
},
{
"status": "affected",
"version": "5.3.1"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "5.2.1.1"
},
{
"status": "affected",
"version": "5.4.0.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "5.2.0.3"
},
{
"status": "affected",
"version": "5.2.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "5.4.0.2"
},
{
"status": "affected",
"version": "4.7.3"
},
{
"status": "affected",
"version": "5.2.0.4"
},
{
"status": "affected",
"version": "5.1.1.1"
},
{
"status": "affected",
"version": "5.1.1.3"
},
{
"status": "affected",
"version": "5.2.3.2"
},
{
"status": "affected",
"version": "5.4.1.1"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.4.2"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"status": "affected",
"version": "5.4.3"
},
{
"status": "affected",
"version": "5.4.3.1"
},
{
"status": "affected",
"version": "5.5.2"
},
{
"status": "affected",
"version": "5.3.4.3"
},
{
"status": "affected",
"version": "5.5.2.1"
},
{
"status": "affected",
"version": "5.5.2.2"
},
{
"status": "affected",
"version": "5.4.3.2"
},
{
"status": "affected",
"version": "5.5.2.3"
},
{
"status": "affected",
"version": "5.4.4"
},
{
"status": "affected",
"version": "5.4.4.1"
},
{
"status": "affected",
"version": "5.5.2.4"
},
{
"status": "affected",
"version": "5.5.2.5"
},
{
"status": "affected",
"version": "5.5.2.6"
},
{
"status": "affected",
"version": "5.4.4.2"
},
{
"status": "affected",
"version": "5.4.3.3"
},
{
"status": "affected",
"version": "5.5.2.7"
},
{
"status": "affected",
"version": "5.5.2.8"
},
{
"status": "affected",
"version": "5.4.3.4"
},
{
"status": "affected",
"version": "5.4.4.3"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.5.2.9"
},
{
"status": "affected",
"version": "5.5.3"
},
{
"status": "affected",
"version": "5.5.2.10"
},
{
"status": "affected",
"version": "5.6.1"
},
{
"status": "affected",
"version": "5.5.2.11"
},
{
"status": "affected",
"version": "5.6.2"
},
{
"status": "affected",
"version": "5.5.3.1"
},
{
"status": "affected",
"version": "5.4.5"
},
{
"status": "affected",
"version": "5.4.5.1"
},
{
"status": "affected",
"version": "5.5.4"
},
{
"status": "affected",
"version": "5.6.3"
},
{
"status": "affected",
"version": "5.5.4.1"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.5.2.12"
},
{
"status": "affected",
"version": "5.4.2.1"
},
{
"status": "affected",
"version": "5.6.3.1"
},
{
"status": "affected",
"version": "5.4.5.2"
},
{
"status": "affected",
"version": "5.7.1"
},
{
"status": "affected",
"version": "5.7.1.1"
},
{
"status": "affected",
"version": "5.6.4"
},
{
"status": "affected",
"version": "5.4.2.2"
},
{
"status": "affected",
"version": "5.4.6"
},
{
"status": "affected",
"version": "5.7.2"
},
{
"status": "affected",
"version": "5.7.2.1"
},
{
"status": "affected",
"version": "5.6.5"
},
{
"status": "affected",
"version": "5.5.5"
},
{
"status": "affected",
"version": "5.7.3"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.6.6.1"
},
{
"status": "affected",
"version": "5.7.5.1"
},
{
"status": "affected",
"version": "5.6.7.1"
},
{
"status": "affected",
"version": "5.6.7"
},
{
"status": "affected",
"version": "5.5.6.1"
},
{
"status": "affected",
"version": "5.8.1"
},
{
"status": "affected",
"version": "5.6.6"
},
{
"status": "affected",
"version": "5.4.7"
},
{
"status": "affected",
"version": "5.8.2.1"
},
{
"status": "affected",
"version": "5.7.5"
},
{
"status": "affected",
"version": "5.7.4"
},
{
"status": "affected",
"version": "5.8.2"
},
{
"status": "affected",
"version": "5.5.6"
},
{
"status": "affected",
"version": "5.6.7.2"
},
{
"status": "affected",
"version": "5.7.6"
},
{
"status": "affected",
"version": "5.7.6.1"
},
{
"status": "affected",
"version": "5.8.3"
},
{
"status": "affected",
"version": "5.6.8"
},
{
"status": "affected",
"version": "5.7.6.2"
},
{
"status": "affected",
"version": "5.8.4"
},
{
"status": "affected",
"version": "5.5.7"
},
{
"status": "affected",
"version": "5.7.7"
},
{
"status": "affected",
"version": "5.6.9"
},
{
"status": "affected",
"version": "5.6.8.1"
},
{
"status": "affected",
"version": "5.8.5"
},
{
"status": "affected",
"version": "5.5.8"
},
{
"status": "affected",
"version": "5.7.8"
},
{
"status": "affected",
"version": "5.4.7.1"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "5.7.8.1"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "5.6.10"
},
{
"status": "affected",
"version": "5.8.6"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "5.7.9"
},
{
"status": "affected",
"version": "5.5.9"
},
{
"status": "affected",
"version": "5.6.11"
},
{
"status": "affected",
"version": "5.8.7"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "5.7.10"
},
{
"status": "affected",
"version": "5.6.12"
},
{
"status": "affected",
"version": "5.8.8"
},
{
"status": "affected",
"version": "6.0.4"
},
{
"status": "affected",
"version": "5.5.10"
},
{
"status": "affected",
"version": "5.7.10.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "5.7.6.3"
},
{
"status": "affected",
"version": "5.7.11"
},
{
"status": "affected",
"version": "6.0.5"
},
{
"status": "affected",
"version": "5.6.13"
},
{
"status": "affected",
"version": "5.8.9"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "5.7.10.2"
},
{
"status": "affected",
"version": "6.0.6"
},
{
"status": "affected",
"version": "5.7.12"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "5.6.14"
},
{
"status": "affected",
"version": "6.1.2.1"
},
{
"status": "affected",
"version": "5.8.10"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "5.7.13"
},
{
"status": "affected",
"version": "5.8.11"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.0.8"
},
{
"status": "affected",
"version": "6.1.4"
},
{
"status": "affected",
"version": "5.6.14.1"
},
{
"status": "affected",
"version": "5.8.12"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "5.8.13"
},
{
"status": "affected",
"version": "5.7.14"
},
{
"status": "affected",
"version": "6.0.10"
},
{
"status": "affected",
"version": "6.1.6"
},
{
"status": "affected",
"version": "6.1.6.1"
},
{
"status": "affected",
"version": "6.0.11"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "5.7.15"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.1.7.1"
},
{
"status": "affected",
"version": "6.0.12"
},
{
"status": "affected",
"version": "6.1.8"
},
{
"status": "affected",
"version": "5.7.9.1"
},
{
"status": "affected",
"version": "5.7.15.1"
},
{
"status": "affected",
"version": "6.1.10"
},
{
"status": "affected",
"version": "6.1.11"
},
{
"status": "affected",
"version": "5.1.4.3"
},
{
"status": "affected",
"version": "6.1.11.1"
},
{
"status": "affected",
"version": "6.1.11.2"
},
{
"status": "affected",
"version": "5.7.17"
},
{
"status": "affected",
"version": "6.1.12"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Small Business RV Series Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.01.17"
},
{
"status": "affected",
"version": "1.0.03.17"
},
{
"status": "affected",
"version": "1.0.01.16"
},
{
"status": "affected",
"version": "1.0.01.18"
},
{
"status": "affected",
"version": "1.0.00.29"
},
{
"status": "affected",
"version": "1.0.03.16"
},
{
"status": "affected",
"version": "1.0.03.15"
},
{
"status": "affected",
"version": "1.0.02.16"
},
{
"status": "affected",
"version": "1.0.01.20"
},
{
"status": "affected",
"version": "1.0.00.33"
},
{
"status": "affected",
"version": "1.0.03.18"
},
{
"status": "affected",
"version": "1.0.03.19"
},
{
"status": "affected",
"version": "1.0.03.20"
},
{
"status": "affected",
"version": "1.0.03.21"
},
{
"status": "affected",
"version": "1.0.03.22"
},
{
"status": "affected",
"version": "1.0.03.24"
},
{
"status": "affected",
"version": "1.0.03.26"
},
{
"status": "affected",
"version": "1.0.03.27"
},
{
"status": "affected",
"version": "1.0.03.28"
},
{
"status": "affected",
"version": "1.0.03.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:24:52.271Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-auth-bypass-QnTEesp",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp"
}
],
"source": {
"advisory": "cisco-sa-nso-auth-bypass-QnTEesp",
"defects": [
"CSCwj26769"
],
"discovery": "INTERNAL"
},
"title": "Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20381",
"datePublished": "2024-09-11T16:38:42.096Z",
"dateReserved": "2023-11-08T15:08:07.656Z",
"dateUpdated": "2024-09-27T13:58:21.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44228
Vulnerability from cvelistv5
Published
2021-12-10 00:00
Modified
2024-08-04 04:17
Severity ?
EPSS score ?
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Log4j2 |
Version: 2.0-beta9 < log4j-core* |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.3.1",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.12.2",
"status": "unaffected"
},
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.15.0",
"status": "unaffected"
}
],
"lessThan": "log4j-core*",
"status": "affected",
"version": "2.0-beta9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
}
],
"metrics": [
{
"other": {
"content": {
"other": "critical"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"name": "DSA-5020",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"name": "FEDORA-2021-f0f501d01f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
"tags": [
"vendor-advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"name": "FEDORA-2021-66d6c484f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"url": "https://support.apple.com/kb/HT213189"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"name": "20220721 Open-Xchange Security Advisory 2022-07-21",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44228",
"datePublished": "2021-12-10T00:00:00",
"dateReserved": "2021-11-26T00:00:00",
"dateUpdated": "2024-08-04T04:17:24.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20040
Vulnerability from cvelistv5
Published
2023-01-19 01:37
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.
This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition.
Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco Network Services Orchestrator |
Version: 4.7.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Network Services Orchestrator",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:36.087Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
],
"source": {
"advisory": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"defects": [
"CSCwb11065"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20040",
"datePublished": "2023-01-19T01:37:34.592Z",
"dateReserved": "2022-10-27T18:47:50.316Z",
"dateUpdated": "2024-08-02T08:57:35.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-09-11 17:15
Modified
2024-10-08 21:43
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.
This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "582B1A3D-68F5-4047-98B2-FEC2A9569828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAABB7C-DD62-418F-9CD3-B868913453AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "DECAACAE-0DFF-43CE-83AF-84FEABAB2CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EE8F5-2F17-45E8-91BD-9DB5EE97B0CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C1199B-57C2-4076-A612-5F75AE46B3D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB20C4D-F8AD-4887-8B73-07495439BA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "EE3676F8-475D-4C5D-A932-633E55A1C115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "13E2915D-36F8-4AFE-A2E0-59A8DF87A101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6FF116-1FFB-4960-942E-A1A16ACEA7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFC77F8-4131-42E1-93A4-13149BDCDC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*",
"matchCriteriaId": "676F3DD0-6081-4C37-8E4F-210BC59C3C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6EA55E-05BA-483F-AAE1-DD573D22D6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BC51CBC1-3303-43EF-B617-AD0C59E36000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C710E576-B368-41C9-88A8-75D88E00F4B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB06AB15-7F91-4B17-BBBD-AC4E4D1EBF9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1D7FA61-7D81-4FF3-827C-A97D35AB541B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "870B498C-3358-4EC0-B75A-B9A5D1DD40DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95BB2A02-11B4-48C1-97D7-25A9DF28ABB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.7.35:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CEC350-6245-453D-BB6D-79D444E1A5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "004286E0-375F-4385-87EB-0C74BD9CAF6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B255442-4F12-41A1-8050-B805AAE65947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89FBA2B4-490F-4A00-8967-063F91F197E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93125F1D-0CE5-423F-A73E-46F2A91E5FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00D33162-F298-4B99-A3D4-283A2A4FA091",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "921B3622-76A3-4D9F-936C-25A965CE1A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "56092600-ABD2-4703-BA00-9DD0AE09B46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B7EEF2-9B6A-43FC-8DBE-F82B8E01BCAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5C0909-27D8-4B6E-A644-9B8ADFA24266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00EA89C8-AAE8-48F1-91E4-7AE46083A802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "48928FFF-871C-4C07-8352-8C802FAD8F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "06FDB11D-C54D-4654-8142-B50D306A6A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84BABFE7-1350-4FB0-B9ED-5F08E386BC40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3E20F814-87D4-41A5-B0A0-30AC6C6F2BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECA7B4C-8FDD-4053-B37B-E5E0969C0CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D21DEFD5-EC43-496B-BBE1-C71C6055BC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "83150BDE-63B7-4B36-8584-E2E950E878CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "8511927B-4297-47BA-BC02-6250BC40DF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2E19F529-B25B-4B4B-879B-872D45C7C3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D501F5A6-4E23-4A9F-A550-37BB94691687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "23A66FF7-9BAB-40DA-8B90-C3C271D7E893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.52:*:*:*:*:*:*:*",
"matchCriteriaId": "88776859-57A0-4422-8D23-A09D64E72F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2F79CAFA-73B0-4589-9938-B7898071279C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "43AA14EF-3240-442E-935A-DF455FB107D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9A14959D-63E1-4B5A-BB7F-A9A2AF3F1137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "87EF9DC5-4BE2-429D-B9BA-EF9F29E7E0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7750EA99-EC55-4F94-8730-18583647BBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE8E968-111F-4F57-93D3-E509AB540B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B342A550-8600-45CF-8B9A-530770C9A0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "11288A28-F0CF-4FEC-A0B7-3D93866F01FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E443700B-7420-4959-8781-29A961DE3144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A41FC95-2C56-41FE-9C1B-853E7D685024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C41EF180-BDD5-459B-A3FA-3A34E34A8672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2714BDA1-C8C6-46FB-9467-8AE2E4545753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E525F90-EC23-4625-9A9F-0A924D0C4D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F07294F0-BDB0-426B-8C37-737C9EB4E605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF1323A-CD68-4CD9-A8D8-7966399DB432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2331E2-7ED7-49A4-93DE-A7D3D5E63CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FC7C531-EB15-48CB-B38E-2BA17D6637FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BCD116-1AE8-4DA4-9B64-B552EFF23C2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "413626AE-64BD-4A3D-8D59-ADD65EFCCA44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A71B27F-1A89-4E35-BA75-695DE524B4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E8040D-FA4A-44BD-BD20-2A76CC6507AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "765BBD25-32E8-486B-8380-67A5424E4943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6CCEB57-23E8-455F-A2EC-2C4478E1CCE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F53CA675-2B6A-4AF0-B47A-9CF131914D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F1E3B6-75B4-4A65-A94C-14A5BE5D646E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F91B24FC-A609-4EE9-8D34-CD1B299E7B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F4C10EB-D35C-4A89-98A8-91AE7294A704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802BC39C-C12B-457F-9146-6714EB3A6B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6BBC9B-3CF2-4FCC-B05E-9CCFEAEB0444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2DF3DDC-D4DE-4C57-A268-3F76D5C187AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82400920-83E5-4CEA-B82C-3565F51A8AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D60C892-4637-4C1D-A409-D387293148E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A58DBD73-7EB9-4037-9958-AB86B1B89FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B54847A-2DDA-4732-83CA-A7C5B712F8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8EDA7A-2225-434C-92FB-46811B86E8AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "156A30C4-43FE-4FEB-B02E-091D52219FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD917986-623C-40F0-9259-7C1C8DAB7FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A252665A-9552-4E5A-8E2D-91367935243A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6EEC76C9-943E-493D-8CB3-52CFF1A72B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06CAC133-30EF-46B7-891A-A9BB491A28BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0610DF-ED6B-4CE0-B370-BBB0E304F4EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0392BF-9CE5-4100-B693-63396A0B4B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBF62D1-DF1B-4AF6-BC49-AB9466308EB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF057C73-364F-4F2D-962B-2AA1D85ED7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DBC58D-9DCD-42A5-99D6-07D3596795A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E6BA26-1B17-4E73-A296-F54961B0ACF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F85FA2F-AEBF-4E2C-957E-DE7A9A1C02EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB4824C6-B348-44B9-A8AD-CAC1F6A563CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3ABACE44-9BAE-4095-9295-91C07DBE595D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64EB1AD9-9113-4B16-AE62-C0F0DFBEB018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "23CE49FB-254A-4E44-B517-6C288B711F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF11B736-689B-4C7F-A1F3-CD97A094F43F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D3D6E8-5143-4628-84FA-848621ADEC63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2E2B31-CB8A-4951-AF08-CFA80E8B27FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7116FF-1330-4A46-AF91-2C5D27B1318D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7154C5-A846-4886-81FF-64214FED7D4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "295C0732-456E-4F07-8A38-5957948817EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "403FE9A9-E2A3-433E-B548-8D95651E7C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C835D3D2-E6AD-440E-A2F5-082F4C99153B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "58F8CDAD-EAEC-4797-A21D-8ABF16B32475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4A1B0F01-0271-4BBD-9889-DEE18BAD5AF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F66603-F8EF-4CA1-9879-42E99C210BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "309CA68A-C1F4-439A-98D3-741935B8CC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA46058-3BE0-4BC1-82CA-0AE53A80F3FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "144C1FCD-2447-4E07-BD2B-871EC06354F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87EFD8DD-FD2B-4E0A-8303-17DB29E7F5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FA1FB8-C19E-43D6-84A7-F897160C26A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B71D5A54-601E-42A0-AB91-D1E761E0744E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6998BB-36BA-4810-9B71-ECA7F33E0016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3ACECC-02D8-4BC3-B078-1BADA71E1DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA03D9B-31BC-45F5-990A-874AE3DCAA36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA19CDA-271E-4595-AD80-770B4538BA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0D050B2A-27E4-44BF-93B5-0E6BB468D7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70FC4BAB-3B19-4BCA-9D42-1B98F9838152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C84A3BFC-6EB7-4033-98DA-29AEBD99CC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C093AC95-6AF3-4DC0-908F-ADF772E4F666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E5028C-382E-4A03-9A43-F7209BD97539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72232584-47D2-4F3F-BFB8-1095E6724C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9443CC5-E05C-4A18-ACD9-C19B6E6418BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA243285-5232-4A98-B9BE-B12CD3587FF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB01732E-6DB7-412B-A637-48E0172E6C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "55B68999-C474-4B21-9111-3260E0F18BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "932CCBCA-DF46-452F-ABCB-C5C3175FA85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D92B9DB-E9C5-4001-8447-5C2472688194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91C0DDE0-E180-4AE2-940A-0C89EF7DB4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC224D85-8E47-4A58-A4C9-5D41DDB9D73A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "199C8B23-6D39-492C-993E-6225286A0A34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A9399BB6-714F-4DEA-8ECC-2D0893B672DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "98602BBC-C114-418B-B88D-D4AD339B290A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4CBD78F0-B77C-4148-A3B2-0C6016930939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F05686-485D-439C-BEA9-926FAB21F12E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "73C8D395-56A0-4566-847B-7D5C4B2C42B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.6.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D92EC730-B1F6-4EAC-BBEF-B5D9C4C85E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1145978F-E24C-47ED-84FC-2AFFBC272DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF994951-C059-4EE9-8591-0695A96A0BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEC30FD-F737-4E66-9C01-95BA35514568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA4D17C-F749-4EB5-8286-E0E4AA44493A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "391047D2-AF48-422D-972E-F223291ABD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A49A79FA-8AEF-44C3-8699-4CEC4D766904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "19AE4D74-EC42-4B22-A797-61BDBCADF924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF753CA-96BE-48AD-B270-759B5A18DAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F189855-3A32-41EB-9443-FDDE4A89F5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1025F731-68B9-45AD-A241-5D1495A29BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "800E3600-ADCA-4E34-9577-C72D16A2066E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "705000A2-856C-4D55-8110-2CBFF703C8D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7C68D55F-DA33-4399-9B7D-9554BFAB406C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8B622A5A-E399-41D8-8793-AFBB8EE75B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "90BA565B-2CA1-450C-B70A-674E0ADDF064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D70D77E-525B-4BC6-B3AE-F8A44FEC61AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "918BA5DD-7471-435D-B63B-502EB376F85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0317414-CCA7-4FAC-913D-F4C00705EA57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2E065BC8-435E-4839-9567-E5FDBF661205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4FCC3F-F93C-42B2-B8D2-99BCF4DEB635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "179C0976-C7FC-42C7-83E5-86EC9B5D532C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8DCE317C-C735-42E2-9DB3-BD196BA76D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC45034-E4BE-4F06-8309-E549E0D9B562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "E05877D6-C2C6-41CD-A991-744D118D3002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C166F45B-D549-4923-AB36-92B3CA62CBB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F97DD8-908D-463E-A450-6C779654F000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15E92D58-E51B-4342-964F-C000BD71BF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BE2AA5-4CF8-4D0A-B352-BE14726F3BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF61782-327C-4318-A4D1-DCB18CD835B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E8DD03-132C-4817-B933-2407B5E0AD7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85101BB8-0B1C-4427-8036-9010D1ECE540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "496BA920-9C48-421C-A57F-BE9D915AD579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "68C9ADE2-55B2-4DF0-8260-442FE5A9793E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B88C8BB-4F6A-46A8-A497-9C60ECEE1007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CE403468-28B3-4D77-A9D7-1EE6D76CE471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF76BE52-F087-4CA5-8C24-8BC2F1C97095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AA8354-B5EF-4531-BAD5-DD93B2B3D4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C21305D6-69A0-404F-89DC-A0E86F80E697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99795F-00D9-42F4-815D-19E521082BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "45C6B391-8090-4497-9EC9-4FD94AAC68DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "151E7ABB-C721-4D6A-B3BD-68940759E82C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAA2184-FAEF-4922-9BAB-852877668DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1C051D85-8C16-491B-85A9-0FC1E145C26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12372956-7A20-41A8-99AC-681CEAF3CDC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "068388B1-70D0-4564-A522-674DC5841A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30FAE307-7F0B-4EE2-952C-ECC8BA23182D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44965AAD-ED9A-4B36-B3BD-BE7847F4B792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB064EC-1DFE-4867-996A-07B5A79DCF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "68BF41E7-5FDF-4CC6-8FF0-CFE38F6389CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4EABC1-BBBD-4071-B2CA-907B6308860E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A75324A4-4D55-4BB6-9339-A03043180792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "219EC420-2380-4F9D-B82F-5CFA269775A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "990B90E2-10A8-42EA-B4EB-F732DED56228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "32CF825B-3833-4C72-B184-7A632EDBD44F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA216821-8CBB-4516-8A14-D2BCF5788370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1579B285-C10F-41AB-A1AD-EC5F90B20B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "63F2B96F-260C-4B52-B13A-062829EC9606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D03E31-1D49-4E2C-B4D1-36C5FDEB49A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC39C270-F394-45D7-AEF1-90B0BD79196F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61F637D6-B3E9-4360-BF15-4DF0578FB44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49E7F783-AB7E-4AAC-AB55-2A583F12F304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88604B7A-5229-4AE0-A9CE-26807EE8462F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF72DE28-B9B9-4610-9134-815F9ECA91B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E6216-ABF2-423C-AF6A-8CA2A59C727F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33CE392E-4967-4642-8684-255D3F1495A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7278073E-4120-4F18-B1F2-BB7CD3906036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D43C8648-6252-4F46-83F6-2AB426B9EE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A0DC561-807C-403D-8411-10D29452B556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F82F88-BF9E-46F6-89EE-EF40A52AC3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BAB7B15-928C-46EE-9492-5A90F90B2AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "11EA9560-627B-481F-9D4A-50D3405EECD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F11CA7-FDA9-4619-8348-6D64AE7F0B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "90A9E632-E565-495C-9320-B60C0453255E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF233BA-F8C3-42A4-8B4A-4B8E30D8BFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "88FEF411-FBD1-4325-80B7-7332404E394D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "96648453-E5C8-4918-8F41-96D42E1BFFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "450ADE1F-34F3-4D70-9751-2F5B218E4DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48EF6BA-EAA4-4003-AEE9-022640F2DE17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.00.29:*:*:*:*:*:*:*",
"matchCriteriaId": "786614DB-8964-4884-9E0A-193C89D417D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.00.33:*:*:*:*:*:*:*",
"matchCriteriaId": "36B965F4-8FB6-407C-9B88-53FE29DEF602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.01.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AD660011-2247-4F85-BA11-1DB838506AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.01.17:*:*:*:*:*:*:*",
"matchCriteriaId": "01EFE926-5578-40D7-851D-001F16CE28A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.01.18:*:*:*:*:*:*:*",
"matchCriteriaId": "743F3329-FAB7-482C-BD92-5C0C619BA53E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.01.20:*:*:*:*:*:*:*",
"matchCriteriaId": "12716096-EB28-4677-AAA9-53F522450BBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.02.16:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB289D6-3B6F-4390-A48D-1585C4D17771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.15:*:*:*:*:*:*:*",
"matchCriteriaId": "FE174F74-9CA2-4099-9C36-62F442F17EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A8DA1B-25AC-4720-A9F2-0F0C20FB064B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F21E0381-D214-42C2-824D-140DC25961F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.18:*:*:*:*:*:*:*",
"matchCriteriaId": "058A5EA8-4B92-4FC9-B7A2-2C0AD98E86F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.19:*:*:*:*:*:*:*",
"matchCriteriaId": "4CFAA7D9-44BC-4E66-8E5C-C09077A6B9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.20:*:*:*:*:*:*:*",
"matchCriteriaId": "543D0D44-2738-4879-A175-B062B6DD4F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.21:*:*:*:*:*:*:*",
"matchCriteriaId": "29D4A2D7-7FE7-48D5-A851-AC4A182A4C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.22:*:*:*:*:*:*:*",
"matchCriteriaId": "74B7A5F1-31FA-4E38-BCB4-4BBA3EA043E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.24:*:*:*:*:*:*:*",
"matchCriteriaId": "61782FA1-1755-4EDE-AEF1-242576D42D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.26:*:*:*:*:*:*:*",
"matchCriteriaId": "DB56C4B6-49B4-4F2D-8C9A-A2C2CEE6B08E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2BABC34E-7579-4ABF-A67C-15E781400A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.28:*:*:*:*:*:*:*",
"matchCriteriaId": "274BDB13-1477-44BB-A71E-965491FE63A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:1.0.03.29:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D6D4EA-3873-4A3E-8226-0B2FBD91D85F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n API JSON-RPC en ConfD que utilizan las interfaces de administraci\u00f3n basadas en web de Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager y Cisco RV340 Dual WAN Gigabit VPN Routers podr\u00eda permitir que un atacante remoto autenticado modifique la configuraci\u00f3n de una aplicaci\u00f3n o dispositivo afectado. Esta vulnerabilidad se debe a comprobaciones de autorizaci\u00f3n incorrectas en la API. Un atacante con privilegios suficientes para acceder a la aplicaci\u00f3n o dispositivo afectado podr\u00eda explotar esta vulnerabilidad enviando solicitudes maliciosas a la API JSON-RPC. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar modificaciones no autorizadas a la configuraci\u00f3n de la aplicaci\u00f3n o dispositivo afectado, incluida la creaci\u00f3n de nuevas cuentas de usuario o la elevaci\u00f3n de sus propios privilegios en un sistema afectado."
}
],
"id": "CVE-2024-20381",
"lastModified": "2024-10-08T21:43:28.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-11T17:15:12.403",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-auth-bypass-QnTEesp"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-07 12:29
Modified
2024-11-21 03:37
Severity ?
Summary
A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/104449 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104449 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "494774C5-C031-4F0C-BE18-C434E722F1EE",
"versionEndIncluding": "4.1.6.0",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "504C4F49-BF41-4D8B-9593-E70BC760176E",
"versionEndIncluding": "4.2.4.0",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2294CC50-7D2E-4090-B34C-440B95ECAEBD",
"versionEndIncluding": "4.3.3.0",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA1BD2B7-EA58-492E-8EF7-573567B07D93",
"versionEndIncluding": "4.4.2.0",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el analizador de la interfaz de l\u00ednea de comandos de Cisco Network Services Orchestrator (NSO) podr\u00eda permitir que un atacante remoto autenticado ejecute comandos shell arbitrarios con los privilegios del usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad inyectando argumentos maliciosos en comandos vulnerables. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios con privilegios root en el sistema afectado. Esta vulnerabilidad afecta a los siguientes lanzamientos de Cisco Network Services Orchestrator (NSO): 4.1 hasta 4.1.6.0, 4.2 hasta 4.2.4.0, 4.3 hasta 4.3.3.0 y 4.4 hasta 4.4.2.0. Cisco Bug IDs: CSCvf99982."
}
],
"id": "CVE-2018-0274",
"lastModified": "2024-11-21T03:37:52.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-07T12:29:00.340",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-18 03:15
Modified
2024-11-21 05:30
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCE3A91-9C74-4B30-9559-6DEBB45F3E5A",
"versionEndExcluding": "4.7.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41099C1F-E26C-4B42-8F51-4B6727D54246",
"versionEndExcluding": "5.1.4.2",
"versionStartIncluding": "5.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI de Cisco Network Services Orchestrator (NSO), podr\u00eda permitir a un atacante local autenticado acceder a informaci\u00f3n confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a un problema de sincronizaci\u00f3n en el procesamiento de los comandos de la CLI. Un atacante podr\u00eda explotar esta vulnerabilidad al ejecutar una secuencia espec\u00edfica de comandos en la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer la informaci\u00f3n de configuraci\u00f3n que normalmente ser\u00eda accesible solo para administradores"
}
],
"id": "CVE-2020-3362",
"lastModified": "2024-11-21T05:30:52.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-18T03:15:14.607",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-info-disclosure-WdNvBTNq"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-20 07:15
Modified
2024-11-21 07:40
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary
A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.
This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition.
Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | 5.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BE422F-6650-403F-A560-EBA884C15FAF",
"versionEndExcluding": "5.4.7",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB986CDE-4BCD-4A2D-99DB-BE900BA7F58C",
"versionEndExcluding": "5.5.6",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5ABFC42-5078-4C13-A912-A83C96E72D05",
"versionEndExcluding": "5.6.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93EC0F10-628A-42D7-BC3D-4110FB6F9D53",
"versionEndExcluding": "5.7.4",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF61782-327C-4318-A4D1-DCB18CD835B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group.\r\n\r This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. \r\n\r Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servicio NETCONF de Cisco Network Services Orchestrator (NSO) podr\u00eda permitir que un atacante remoto autenticado provoque una denegaci\u00f3n de servicio (DoS) en un sistema afectado que se ejecuta como usuario ra\u00edz. Para aprovechar esta vulnerabilidad, el atacante debe ser miembro del grupo de administraci\u00f3n. Esta vulnerabilidad existe porque la entrada proporcionada por el usuario no se valida correctamente cuando se utiliza NETCONF para cargar paquetes en un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando un archivo de paquete especialmente manipulado. Un exploit exitoso podr\u00eda permitir al atacante escribir archivos manipulados en ubicaciones arbitrarias del sistema de archivos o eliminar archivos arbitrarios del sistema de archivos de un dispositivo afectado, lo que resultar\u00eda en una condici\u00f3n DoS. Nota: De forma predeterminada, durante la instalaci\u00f3n, Cisco NSO se configurar\u00e1 para ejecutarse como usuario ra\u00edz a menos que se utilice la opci\u00f3n --run-as-user."
}
],
"id": "CVE-2023-20040",
"lastModified": "2024-11-21T07:40:24.957",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-20T07:15:15.793",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-04 18:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | confd | * | |
| cisco | confd | * | |
| cisco | network_services_orchestrator | * | |
| cisco | network_services_orchestrator | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:confd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00B1645F-8B9B-4B33-B059-6BD9F930B693",
"versionEndIncluding": "7.4.3",
"versionStartIncluding": "7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:confd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B973E75F-7C45-4263-B5C2-1B343651F022",
"versionEndIncluding": "7.5.2",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1001E8CE-2203-4ED3-A697-9504BADA32D2",
"versionEndIncluding": "5.4.3.1",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "692BACD6-9D45-4F71-8EE6-251DE929EC84",
"versionEndIncluding": "5.5.2.2",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on an affected device. The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the attacker to elevate privileges to the level of the account under which ConfD is running, which is commonly root. Note: Any user who can authenticate to the built-in SSH server may exploit this vulnerability. By default, all ConfD users have this access if the server is enabled. Software updates that address this vulnerability have been released."
},
{
"lang": "es",
"value": "Una vulnerabilidad en ConfD, podr\u00eda permitir a un atacante local autenticado ejecutar comandos arbitrarios al nivel de la cuenta bajo la que se ejecuta ConfD, que suele ser root. Para explotar esta vulnerabilidad, un atacante debe tener una cuenta v\u00e1lida en un dispositivo afectado. La vulnerabilidad se presenta porque el software afectado ejecuta incorrectamente el servicio de usuario SFTP en el nivel de privilegio de la cuenta que se estaba ejecutando cuando el servidor Secure Shell (SSH) integrado de ConfD para CLI estaba habilitado. Si el servidor SSH integrado de ConfD no estaba habilitado, el dispositivo no est\u00e1 afectado por esta vulnerabilidad. Un atacante con privilegios de bajo nivel podr\u00eda explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitiendo una serie de comandos en la interfaz SFTP. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar los privilegios al nivel de la cuenta bajo la cual se ejecuta ConfD, que es com\u00fanmente root. Nota: Cualquier usuario que pueda autenticarse en el servidor SSH incorporado puede explotar esta vulnerabilidad. Por defecto, todos los usuarios de ConfD presentan este acceso si el servidor est\u00e1 habilitado. Se han publicado actualizaciones de software que solucionan esta vulnerabilidad"
}
],
"id": "CVE-2021-1572",
"lastModified": "2024-11-21T05:44:39.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-04T18:15:08.470",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confd-priv-esc-LsGtCRx4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-priv-esc-XXqRtTfT"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-05 14:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | network_services_orchestrator | 1.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90AD0D54-9C00-4441-BFF7-F93FFAF70053",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network Plug and Play component performs incomplete validation when configured to use secure unique device identifiers (SUDI) for authentication. An attacker who controls a Cisco device that supports SUDI authentication and has connectivity to an affected NSO system could exploit this vulnerability. The attacker would need to leverage information about the devices that are being registered on the NSO server to send crafted Cisco Network Plug and Play authentication packets to an affected system. A successful exploit could allow the attacker to gain unauthorized access to configuration data for devices that will be managed by the NSO system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente de servidor Cisco Network Plug and Play de Cisco Network Services Orchestrator (NSO) podr\u00eda permitir a un atacante remoto no autenticado obtener acceso no autorizado a los datos de configuraci\u00f3n que se almacenan en un sistema NSO afectado. La vulnerabilidad existe porque el componente Network Plug and Play realiza una validaci\u00f3n incompleta cuando se configura para utilizar identificadores de dispositivo \u00fanicos y seguros (SUDI) para la autenticaci\u00f3n. Un atacante que controle un dispositivo Cisco que soporte autenticaci\u00f3n SUDI y tenga conectividad con un sistema NSO afectado podr\u00eda explotar esta vulnerabilidad. El atacante tendr\u00eda que aprovechar la informaci\u00f3n sobre los dispositivos que se est\u00e1n registrando en el servidor NSO para enviar paquetes de autenticaci\u00f3n Cisco Network Plug and Play a un sistema afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener acceso no autorizado a los datos de configuraci\u00f3n de los dispositivos que ser\u00e1n administrados por el sistema NSO."
}
],
"id": "CVE-2018-0463",
"lastModified": "2024-11-21T03:38:17.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-05T14:29:04.247",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-nso-infodis"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-10 10:15
Modified
2024-11-21 06:30
Severity ?
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
Impacted products
{
"cisaActionDue": "2021-12-24",
"cisaExploitAdd": "2021-12-10",
"cisaRequiredAction": "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.",
"cisaVulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03FA5E81-F9C0-403E-8A4B-E4284E4E7B72",
"versionEndExcluding": "2.3.1",
"versionStartIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED3D5EC-DAD5-4E5F-8BBD-B4E3349D84FC",
"versionEndExcluding": "2.12.2",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31D423D-FC4D-428A-B863-55AF472B80DC",
"versionEndExcluding": "2.15.0",
"versionStartIncluding": "2.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8320869-CBF4-4C92-885C-560C09855BFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "755BA221-33DD-40A2-A517-8574D042C261",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:captial:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07856DAA-EDB4-4522-BA16-CD302C9E39EF",
"versionEndExcluding": "2019.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:captial:2019.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F7AD819D-D093-472E-AA47-1A925111E4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:captial:2019.1:sp1912:*:*:*:*:*:*",
"matchCriteriaId": "2D07A11A-A3C6-4D44-B2E0-A8358D23947A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61597661-A3B0-4A14-AA6B-C911E0063390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB524B33-68E7-46A2-B5CE-BCD9C3194B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F852C6D-44A0-4CCE-83C7-4501CAD73F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA61161C-C2E7-4852-963E-E2D3DFBFDC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A76AA04A-BB43-4027-895E-D1EACFCDF41B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6B60F3-327B-49B7-B5E4-F1C60896C9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCF281E-B0A2-49E2-AEF8-8691BDCE08D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A87EFCC4-4BC1-4FEA-BAA4-8FF221838EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B678380B-E95E-4A8B-A49D-D13B62AA454E",
"versionEndExcluding": "2021-12-13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4557476B-0157-44C2-BB50-299E7C7E1E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "991B2959-5AA3-4B68-A05A-42D9860FAA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5948A0-CA31-41DF-85B6-1E6D09E5720B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4C08D302-EEAC-45AA-9943-3A5F09E29FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D53BA68C-B653-4507-9A2F-177CF456960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:energyip_prepay:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0C3D5E-579F-42C6-9D8C-37969A1D17D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:energyip_prepay:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C16C460-9482-4A22-92AC-1AE0E87D7F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E180527-5C36-4158-B017-5BEDC0412FD6",
"versionEndExcluding": "8.6.2j-398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFDADA98-1CD0-45DA-9082-BFC383F7DB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E33D707F-100E-4DE7-A05B-42467DE75EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3EAC80-44BE-41D2-8D57-0EE3DBA1E1B1",
"versionEndExcluding": "2021-12-13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC8AB52-F4F4-440D-84F5-2776BFE1957A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF6D774-AC8C-49CA-A00B-A2740CA8FA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6423B1A7-F09F-421A-A0AC-3059CB89B110",
"versionEndExcluding": "2021-12-11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48C6A61B-2198-4B9E-8BCF-824643C81EC3",
"versionEndExcluding": "2021-12-13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE2F7A1-8281-48F1-8BFB-4FE0D7E1AEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C74B9880-FFF9-48CA-974F-54FB80F30D2D",
"versionEndIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74D1F4AD-9A60-4432-864F-4505B3C60659",
"versionEndIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABA5332-8D1E-4129-A557-FCECBAC12827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3AA865-5570-4C8B-99DE-431AD7B163F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siguard_dsa:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "00E03FB6-37F9-4559-8C86-F203D6782920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siguard_dsa:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90439591-BA01-4007-A2B6-B316548D4595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siguard_dsa:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F3B8B4-4D1B-4913-BD5F-1A04B47F829A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
"matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
"matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC0A575-F771-4B44-A0C6-6A5FD98E5134",
"versionEndIncluding": "4.16.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D6B61-1F17-4008-9DFB-EF419777768E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F30DE588-9479-46AA-8346-EA433EE83A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4941EAD6-8759-4C72-ABA6-259C0E838216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF2708F-0BD9-41BF-8CB1-4D06C4EFB777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0762031C-DFF1-4962-AE05-0778B27324B9",
"versionEndExcluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "96271088-1D1B-4378-8ABF-11DAB3BB4DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
"matchCriteriaId": "2595AD24-2DF2-4080-B780-BC03F810B9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*",
"matchCriteriaId": "88096F08-F261-4E3E-9EEB-2AB0225CD6F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "044994F7-8127-4F03-AA1A-B2AB41D68AF5",
"versionEndExcluding": "4.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
"matchCriteriaId": "A6CB3A8D-9577-41FB-8AC4-0DF8DE6A519C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
"matchCriteriaId": "17B7C211-6339-4AF2-9564-94C7DE52EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*",
"matchCriteriaId": "DBCCBBBA-9A4F-4354-91EE-10A1460BBA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F81F6B-E455-4367-ADA4-8A5EC7F4754A",
"versionEndExcluding": "2.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EF509E-3799-4718-B361-EFCBA17AEEF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*",
"matchCriteriaId": "8CA31645-29FC-4432-9BFC-C98A808DB8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BB424991-0B18-4FFC-965F-FCF4275F56C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B209EFE-77F2-48CD-A880-ABA0A0A81AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72D238AB-4A1F-458D-897E-2C93DCD7BA6C",
"versionEndExcluding": "2019.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9778339A-EA93-4D18-9A03-4EB4CBD25459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
"matchCriteriaId": "1747F127-AB45-4325-B9A1-F3D12E69FFC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*",
"matchCriteriaId": "18BBEF7C-F686-4129-8EE9-0F285CE38845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD525494-2807-48EA-AED0-11B9CB5A6A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EDCBF98-A857-48BC-B04D-6F36A1975AA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:audio_development_kit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "099344DD-8AEE-49A0-88A8-691A8A1E651F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A06BF8-E4DC-4389-8A91-8AC7598E0009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:data_center_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8555F365-2BFD-4A0A-A7D0-1459241758B3",
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18989EBC-E1FB-473B-83E0-48C8896C2E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*",
"matchCriteriaId": "EDE66B6C-25E5-49AE-B35F-582130502222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BEE177-D117-478C-8EAD-9606DEDF9FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:sensor_solution_firmware_development_kit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F021E2E7-0D8F-4336-82A6-77E521347C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:system_debugger:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F66B0A2-22C0-41D5-B866-1764DEC12CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC619106-991C-413A-809D-C2410EBA4CDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BAA8A5-74B3-48EB-8287-302927197A4E",
"versionEndExcluding": "10.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
"matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "F3A48D58-4291-4D3C-9CEA-BF12183468A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E52AF19-0158-451B-8E36-02CB6406083F",
"versionEndExcluding": "3.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB21CFB4-4492-4C5D-BD07-FFBE8B5D92B6",
"versionEndExcluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97426511-9B48-46F5-AC5C-F9781F1BAE2F",
"versionEndExcluding": "2021.11_1.162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82306B9F-AE97-4E29-A8F7-2E5BA52998A7",
"versionEndExcluding": "3.0.000.115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C903C85-DC0F-47D8-B8BE-7A666877B017",
"versionEndExcluding": "3.1.000.044",
"versionStartIncluding": "3.1.000.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4C6F9E0-5DCE-431D-AE7E-B680AC1F9332",
"versionEndExcluding": "3.2.000.009",
"versionStartIncluding": "3.2.000.000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52CF6199-8028-4076-952B-855984F30129",
"versionEndExcluding": "12.6\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "622BB8D9-AC81-4C0F-A5C5-C5E51F0BC0D1",
"versionEndExcluding": "4.10.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38FB3CE1-5F62-4798-A825-4E3DB07E868F",
"versionEndExcluding": "5.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29CDB878-B085-448E-AB84-25B1E2D024F8",
"versionEndExcluding": "5.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C25FDA96-9490-431F-B8B6-CC2CC272670E",
"versionEndExcluding": "5.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CD9E4C-9385-435C-AD18-6C36C8DF7B65",
"versionEndExcluding": "2.9.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0AC4C1-CB06-4084-BFBB-5B702C384C53",
"versionEndExcluding": "2.10.0.1",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3871EBD2-F270-435A-B98C-A282E1C52693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4DF34B-E8C2-41C8-90E2-D119B50E4E7E",
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EF64DA-73E4-4E5E-8F9A-B837C947722E",
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66E1E4FC-0B6E-4CFA-B003-91912F8785B2",
"versionEndExcluding": "2.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2390C3-C319-4F05-8CF0-0D30F9931507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C154491E-06C7-48B0-AC1D-89BBDBDB902E",
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E98EC48-0CED-4E02-9CCB-06EF751F2BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C569DC2A-CFF6-4E13-A50C-E215A4F96D99",
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "258A51AC-6649-4F67-A842-48A7AE4DCEE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC22505-DE11-4A1B-8C06-1E306419B031",
"versionEndExcluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E31AC54-B928-48B5-8293-F5F4A7A8C293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8AE870-6FD0-40D2-958B-548E2D7A7B75",
"versionEndExcluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68E7D83B-B6AC-45B1-89A4-D18D7A6018DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17660B09-47AA-42A2-B5FF-8EBD8091C661",
"versionEndExcluding": "1.12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9A82-16AE-437A-B8CF-CC7E9B6C4E44",
"versionEndExcluding": "4.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "843147AE-8117-4FE9-AE74-4E1646D55642",
"versionEndExcluding": "11.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7EB871C9-CA14-4829-AED3-CC2B35E99E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF8A83D-A282-4661-B133-213A8838FB27",
"versionEndExcluding": "2.1.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "139CDAA5-63E9-4E56-AF72-745BD88E4B49",
"versionEndExcluding": "2.2.2.8",
"versionStartIncluding": "2.2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01FD99C4-BCB1-417E-ADCE-73314AD2E857",
"versionEndExcluding": "2.2.3.4",
"versionStartIncluding": "2.2.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9031BE8A-646A-4581-BDE5-750FB0CE04CB",
"versionEndExcluding": "2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15BED3E2-46FF-4E58-8C5D-4D8FE5B0E527",
"versionEndExcluding": "11.5\\(4\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C950436-2372-4C4B-9B56-9CB48D843045",
"versionEndExcluding": "12.0\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B61F186-D943-4711-B3E0-875BB570B142",
"versionEndIncluding": "4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A285C40-170D-4C95-8031-2C6E4D5FB1D4",
"versionEndExcluding": "12.6\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3C0F02B5-AA2A-48B2-AE43-38B45532C563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*",
"matchCriteriaId": "830BDB28-963F-46C3-8D50-638FDABE7F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54553C65-6BFA-40B1-958D-A4E3289D6B1D",
"versionEndExcluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "439948AD-C95D-4FC3-ADD1-C3D241529F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2002AE-0F3C-4A06-9B9A-F77A9F700EB2",
"versionEndExcluding": "2.3.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "596A986D-E7DC-4FC4-A776-6FE87A91D7E4",
"versionEndExcluding": "1.0.9-361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD93434E-8E75-469C-B12B-7E2B6EDCAA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78684844-4974-41AD-BBC1-961F60025CD2",
"versionEndExcluding": "6.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A00D235-FC9C-4EB7-A16C-BB0B09802E61",
"versionEndExcluding": "5.3.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C60FDD1B-898E-4FCB-BDE2-45A7CBDBAF4F",
"versionEndExcluding": "5.4.5.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A33E5F-BBC7-4917-9C63-900248B546D9",
"versionEndExcluding": "5.5.4.1",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12D98A7C-4992-4E58-A6BD-3D8173C8F2B0",
"versionEndExcluding": "5.6.3.1",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DDC1AF-31B5-4F05-B84F-8FD23BE163DA",
"versionEndExcluding": "2.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4540CF6-D33E-4D33-8608-11129D6591FA",
"versionEndExcluding": "6.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129A7615-99E7-41F8-8EBC-CEDA10AD89AD",
"versionEndExcluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F46A7AC-C133-442D-984B-BA278951D0BF",
"versionEndExcluding": "11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A1A75AB6-C3A7-4299-B35A-46A4BCD00816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A73E888-C8C2-4AFD-BA60-566D45214BCA",
"versionEndExcluding": "14.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0D0FD0-ABC6-465F-AB8D-FA8788B1B2DD",
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D673F6F7-C42A-4538-96F0-34CB4F0CB080",
"versionEndExcluding": "20.3.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD374819-3CED-4260-90B6-E3C1333EAAD2",
"versionEndExcluding": "20.4.2.1",
"versionStartIncluding": "20.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D89973-94AF-4BE7-8245-275F3FEB30F4",
"versionEndExcluding": "20.5.1.1",
"versionStartIncluding": "20.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91A9A889-2C2B-4147-8108-C35291761C15",
"versionEndExcluding": "20.6.2.1",
"versionStartIncluding": "20.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0EEA1EC-C63C-4C7D-BFAE-BA4556332242",
"versionEndExcluding": "3.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACE22D97-42FA-4179-99E5-C2EE582DB7FF",
"versionEndExcluding": "2.0\\(1p\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B5DB6D-9E7D-4403-8028-D7DA7493716B",
"versionEndExcluding": "6.8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B98D7AD5-0590-43FB-8AC0-376C9C500C15",
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "D9DA1900-9972-4DFD-BE2E-74DABA1ED9A9",
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
"matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
"matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "B85B81F9-8837-426E-8639-AB0712CD1A96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CCCD27-A247-4720-A2FE-C8ED55D1D0DE",
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "34D89C42-AAD9-4B04-9F95-F77681E39553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "897C8893-B0B6-4D6E-8D70-31B421D80B9A",
"versionEndExcluding": "11.6\\(2\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0492049-D3AC-4512-A4BF-C9C26DA72CB0",
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3868A8AA-6660-4332-AB0C-089C150D00E7",
"versionEndExcluding": "11.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58BD72D6-4A79-49C9-9652-AB0136A591FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A32761FD-B435-4E51-807C-2B245857F90E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "154F7F71-53C5-441C-8F5C-0A82CB0DEC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65FD3873-2663-4C49-878F-7C65D4B8E455",
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0886FB04-24AA-4995-BA53-1E44F94E114E",
"versionEndExcluding": "7.14.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C61805C1-1F73-462C-A9CA-BB0CA4E57D0B",
"versionEndExcluding": "2.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB39834-0F6D-4BD7-AFEC-DD8BEE46DA50",
"versionEndExcluding": "3.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B78DD21-15F2-47A4-8A99-6DB6756920AC",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6222EB-36E1-4CD5-BD69-5A921ED5DA6A",
"versionEndExcluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C200CABD-F91B-49C4-A262-C56370E44B4C",
"versionEndExcluding": "7.3.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C",
"versionEndExcluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "61D1081F-87E8-4E8B-BEBD-0F239E745586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "8D138973-02B0-4FEC-A646-FF1278DA1EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "14DBEC10-0641-441C-BE15-8F72C1762DCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*",
"matchCriteriaId": "205C1ABA-2A4F-480F-9768-7E3EC43B03F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*",
"matchCriteriaId": "D36FE453-C43F-448B-8A59-668DE95468C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*",
"matchCriteriaId": "E8DF0944-365F-4149-9059-BDFD6B131DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "6B37AA08-13C7-4FD0-8402-E344A270C8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "2AA56735-5A5E-4D8C-B09D-DBDAC2B5C8E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*",
"matchCriteriaId": "4646849B-8190-4798-833C-F367E28C1881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "D25BC647-C569-46E5-AD45-7E315EBEB784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B468EDA1-CDEF-44D4-9D62-C433CF27F631",
"versionEndExcluding": "3.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C90C6CD1-4678-4621-866B-F0CE819C8000",
"versionEndExcluding": "12.6\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4905E2-2129-469C-8BBD-EDA258815E2B",
"versionEndExcluding": "10.2.1v2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC86AC6C-7C08-4EB9-A588-A034113E4BB1",
"versionEndExcluding": "11.5\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
"matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82C8AD48-0130-4C20-ADEC-697668E2293B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E75EF7C-8D71-4D70-91F0-74FC99A90CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB7EE7D-8CB4-4804-9F9D-F235608E86E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77571973-2A94-4E15-AC5B-155679C3C565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA405A50-3F31-48ED-9AF1-4B02F5B367DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3753953-04E8-4382-A6EC-CD334DD83CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A5F89F-1296-4A0F-A36D-082A481F190F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F50F48AF-44FF-425C-9685-E386F956C901",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D28E76-56D4-4C9A-A660-7CD7E0A1AC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD975A0E-00A6-475E-9064-1D64E4291499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2E50AC21-DA54-4BC8-A503-1935FD1714C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D05E169-4AF1-4127-A917-056EC2CE781B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8AD415A2-422E-4F15-A177-C3696FEAFF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "134443B7-7BA8-4B50-8874-D4BF931BECFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "73ADF6EA-CD29-4835-8D72-84241D513AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BAC1A386-04C7-45B2-A883-1CD9AB60C14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3F0F1639-D69E-473A-8926-827CCF73ACC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F4FDF900-E9D6-454A-BF6B-821620CA59F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1859BD43-BA2B-45A5-B523-C6BFD34C7B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1EBC145C-9A2F-4B76-953E-0F690314511C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*",
"matchCriteriaId": "158B7A53-FEC1-4B42-A1E2-E83E99564B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3A378971-1A08-4914-B012-8E24DCDEFC68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*",
"matchCriteriaId": "4E5CC012-DC85-481A-B82A-9323C19674DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*",
"matchCriteriaId": "76CF59ED-685D-46CD-80A2-AEDA4F03FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*",
"matchCriteriaId": "960B07C0-E205-47E7-B578-46A0AF559D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A194E1-405E-47FA-8CDF-58EB78883ACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*",
"matchCriteriaId": "2E628231-61FB-40AF-A20B-00F5CB78E63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA25E92-2C76-4722-BA06-53F33C0D961C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "51D2940A-0D03-415B-B72E-1F6862DDAC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*",
"matchCriteriaId": "8B346ADC-00BE-4409-B658-A11351D2A7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0E44A9-C427-493B-868A-8A8DA405E759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*",
"matchCriteriaId": "B2B31E7C-0EB3-4996-8859-DF94A3EE20B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*",
"matchCriteriaId": "3EAB3E03-275F-4942-9396-FC7A22F42C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*",
"matchCriteriaId": "19DAD751-D170-4914-BAB2-6054DFEEF404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F429F37-3576-4D8A-9901-359D65EC3CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F526DEF1-4A3E-4FE1-8153-E9252DAE5B92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C19679D0-F4DC-4130-AFFD-692E5130531A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60D2FBF3-D8AB-41F0-B170-9E56FBF7E2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F60324DD-8450-4B14-A7A1-0D5EA5163580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*",
"matchCriteriaId": "12F6DFD1-273B-4292-A22C-F2BE0DD3FB3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13EA024C-97A4-4D33-BC3E-51DB77C51E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85289E35-C7C2-46D0-9BDC-10648DD2C86F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "17282822-C082-4FBC-B46D-468DCF8EF6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5463DA6-5D44-4C32-B46C-E8A2ADD7646B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "54A237CF-A439-4114-AF81-D75582F29573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A37D19BF-E4F5-4AF4-8942-0C3B62C4BF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EF25688B-6659-4C7C-866D-79AA1166AD7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*",
"matchCriteriaId": "47B70741-90D9-4676-BF16-8A21E147F532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED862A1B-E558-4D44-839C-270488E735BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2678AF98-1194-4810-9933-5BA50E409F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "37E7DEBD-9E47-4D08-86BC-D1B013450A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A935862-18F7-45FE-B647-1A9BA454E304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69594997-2568-4C10-A411-69A50BFD175F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EC39E2D-C47B-4311-BC7B-130D432549F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5E6CBE-D82C-4001-87CB-73DF526F0AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "460E6456-0E51-45BC-868E-DEEA5E3CD366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F58659-A318-42A0-83C5-8F09FCD78982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*",
"matchCriteriaId": "D8A49E46-8501-4697-A17A-249A7D9F5A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*",
"matchCriteriaId": "5D81E7A9-0C2B-4603-91F0-ABF2380DBBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
"matchCriteriaId": "28B1524E-FDCA-4570-86DD-CE396271B232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
"matchCriteriaId": "74DC6F28-BFEF-4D89-93D5-10072DAC39C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
"matchCriteriaId": "BA1D60D7-1B4A-4EEE-A26C-389D9271E005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D726F07-06F1-4B0A-B010-E607E0C2A280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED58B0E-FCC7-48E3-A5C0-6CC54A38BAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41E168ED-D664-4749-805E-77644407EAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*",
"matchCriteriaId": "808F8065-BD3A-4802-83F9-CE132EDB8D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*",
"matchCriteriaId": "B236B13E-93B9-424E-926C-95D3DBC6CA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*",
"matchCriteriaId": "8A63CC83-0A6E-4F33-A1BE-214A33B51518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*",
"matchCriteriaId": "37DB7759-6529-46DE-B384-10F060D86A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*",
"matchCriteriaId": "8C640AD9-146E-488A-B166-A6BB940F97D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*",
"matchCriteriaId": "DAC1FA7E-CB1B-46E5-A248-ABACECFBD6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C3BD5AF-9FC1-494B-A676-CC3D4B8EAC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F477CACA-2AA0-417C-830D-F2D3AE93153A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3BE5E1-A6B6-46C7-B93B-8A9F5AEA2731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04E0BB7B-0716-4DBD-89B9-BA11AAD77C00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*",
"matchCriteriaId": "64C98A76-0C31-45E7-882B-35AE0D2C5430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "379F8D86-BE87-4250-9E85-494D331A0398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "71F69E51-E59D-4AE3-B242-D6D2CFDB3F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "578DA613-8E15-4748-A4B7-646415449609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "544EFAD6-CE2F-4E1D-9A00-043454B72889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2E16DF9C-3B64-4220-82B6-6E20C7807BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9CD5B8A-9846-48F1-9495-77081E44CBFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "68E6CD49-6F71-4E17-B046-FBE91CE91CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD8018-7E77-4C89-917E-ACDC678A7DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A7D39156-A47D-405E-8C02-CAE7D637F99A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5426FC59-411D-4963-AFEF-5B55F68B8958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "810E9A92-4302-4396-94D3-3003947DB2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "522C36A5-7520-4368-BD92-9AB577756493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CB2EC4BE-FFAF-4605-8A96-2FEF35975540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CA1D3C2A-E5FA-400C-AC01-27A3E5160477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "63B27050-997B-4D54-8E5A-CE9E33904318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5ABF05B8-1B8A-4CCF-A1AD-D8602A247718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2F74580D-0011-4ED9-9A00-B4CDB6685154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "17A3C22E-1980-49B6-8985-9FA76A77A836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1AB42DC-CE58-448A-A6B5-56F31B15F4A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC32B55-0C76-4669-8EAD-DCC16355E887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDA737F-337E-4C30-B68D-EF908A8D6840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC5A89C-CCCF-49EC-B4FC-AB98ACB79233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4F513-CBA1-4523-978B-D498CEDAE0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C53C6FD-B98E-4F7E-BA4D-391C90CF9E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00F6719-2C73-4D8D-8505-B9922E8A4627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE9210F-39C5-4828-9608-6905C1D378D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A1CEDCE4-CFD1-434B-B157-D63329CBA24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "33660EB8-2984-4258-B8AD-141B7065C85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACA346D-5103-47F0-8BD9-7A8AD9B92E98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A38BDF03-23C8-4BB6-A44D-68818962E7CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3104C099-FEDA-466B-93CC-D55F058F7CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "890EA1C7-5990-4C71-857F-197E6F5B4089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "56F21CF4-83FE-4529-9871-0FDD70D3095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9331834-9EAD-46A1-9BD4-F4027E49D0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E707E44-12CD-46C3-9124-639D0265432E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2FEE8482-DB64-4421-B646-9E5F560D1712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4385CE6E-6283-4621-BBD9-8E66E2A34843",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9A6CDBD4-889B-442D-B272-C8E9A1B6AEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF1E59F9-CF4F-4EFB-872C-5F503A04CCF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1782219F-0C3D-45B7-80C7-D1DAA70D90B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DDAB3BAD-1EC6-4101-A58D-42DA48D04D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F7AA674-6BC2-490F-8D8A-F575B11F4BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6945C4DE-C070-453E-B641-2F5B9CFA3B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DAB8C7C0-D09B-4232-A88E-57D25AF45457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ACEDB7B4-EBD4-4A37-9EE3-07EE3B46BE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "820D579C-AA45-4DC1-945A-748FFCD51CA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7B23A9A6-CD04-4D76-BE3F-AFAFBB525F5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A44E6007-7A3A-4AD3-9A65-246C59B73FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3D508E51-4075-4E34-BB7C-65AF9D56B49F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "376D06D5-D68E-4FF0-97E5-CBA2165A05CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "18ED6B8F-2064-4BBA-A78D-4408F13C724D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*",
"matchCriteriaId": "94091FE3-AB88-4CF5-8C4C-77B349E716A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "53F1314A-9A2C-43DC-8203-E4654EF013CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0ADE468B-8F0C-490D-BB4C-358D947BA8E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "32FEE78D-309E-491D-9AB6-98005F1CBF49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "878D9901-675D-4444-B094-0BA505E7433F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "66E25EE4-AB7B-42BF-A703-0C2E83E83577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*",
"matchCriteriaId": "D8F35520-F04A-4863-A1BC-0EDD2D1804F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EF9855FD-7747-4D9E-9542-703B1EC9A382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E07AF386-D8A5-44F5-A418-940C9F88A36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "113C77DA-AC22-4D67-9812-8510EFC0A95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4BE221AB-A3B0-4CFF-9BC0-777773C2EF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "15941265-1E7E-4C3E-AF1D-027C5E0D3141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "54AA2B0C-92A1-4B53-88D7-6E31120F5041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F9BD7207-85FB-4484-8720-4D11F296AC10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "62E009C4-BE3E-4A14-91EF-8F667B2220A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*",
"matchCriteriaId": "088512E1-434D-4685-992E-192A98ECAD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*",
"matchCriteriaId": "50A7BBC6-077C-4182-AA7A-577C4AAC3CD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*",
"matchCriteriaId": "E0536F45-3A49-4F93-942E-AF679DFC7017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3D54794B-6CD5-46D7-B9E9-62A642143562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BE844DCA-FF52-43F5-BDD9-836A812A8CFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*",
"matchCriteriaId": "07B261EB-CA63-4796-BD15-A6770FD68B34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*",
"matchCriteriaId": "29F9067A-B86C-4A6B-ACB7-DB125E04B795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*",
"matchCriteriaId": "FAC4CC92-8BA0-4D96-9C48-5E311CDED53F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2437A5-217A-4CD1-9B72-A31BDDC81F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C3CFF0D-BD70-4353-AE2F-6C55F8DE56A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2CE47760-0E71-4FCA-97D1-CF0BB71CAC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*",
"matchCriteriaId": "89B2D4F5-CB86-4B25-8C14-CED59E8A3F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B150B636-6267-4504-940F-DC37ABEFB082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D00B9911-A7CA-467E-B7A3-3AF31828D5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B67C08C3-412F-4B7F-B98C-EEAEE77CBE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D428C9B-53E1-4D26-BB4D-57FDE02FA613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB41596-FACF-440A-BB6C-8CAD792EC186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C88EE2-5702-4E8B-A144-CB485435FD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC62844-C608-4DB1-A1AD-C1B55128C560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF2FFA4-358A-4F33-BC67-A9EF8A30714E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "53C0BBDE-795E-4754-BB96-4D6D4B5A804F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7A41E377-16F9-423F-8DC2-F6EDD54E1069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C2789E-255B-45D9-9469-B5B549A01F53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAFEC61-2128-4BFA-992D-54742BD4911A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F12AF70E-2201-4F5D-A929-A1A057B74252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CBCDC4-02DF-47F4-A01C-7CBCB2FF0163",
"versionEndExcluding": "8.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C42D44C8-9894-4183-969B-B38FDA1FEDF9",
"versionEndExcluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*",
"matchCriteriaId": "8CD3B3D3-CC14-4278-9914-F7C6E86D3119",
"versionEndExcluding": "6.4.3.2",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*",
"matchCriteriaId": "0C5D6BF7-A818-4C7D-A305-91EB622271AC",
"versionEndExcluding": "6.2.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16E0A04D-30BE-4AB3-85A1-13AF614C425C",
"versionEndIncluding": "7.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0755E91-2F36-4EC3-8727-E8BF0427E663",
"versionEndExcluding": "13.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
},
{
"lang": "es",
"value": "Las caracter\u00edsticas JNDI de Apache Log4j2 2.0-beta9 hasta 2.15.0 (excluyendo las versiones de seguridad 2.12.2, 2.12.3 y 2.3.1) utilizadas en la configuraci\u00f3n, los mensajes de registro y los par\u00e1metros no protegen contra LDAP controlado por un atacante y otros puntos finales relacionados con JNDI. Un atacante que pueda controlar los mensajes de registro o los par\u00e1metros de los mensajes de registro puede ejecutar c\u00f3digo arbitrario cargado desde servidores LDAP cuando la sustituci\u00f3n de la b\u00fasqueda de mensajes est\u00e1 habilitada. A partir de la versi\u00f3n 2.15.0 de log4j, este comportamiento ha sido deshabilitado por defecto. A partir de la versi\u00f3n 2.16.0 (junto con las versiones 2.12.2, 2.12.3 y 2.3.1), esta funcionalidad se ha eliminado por completo. Tenga en cuenta que esta vulnerabilidad es espec\u00edfica de log4j-core y no afecta a log4net, log4cxx u otros proyectos de Apache Logging Services"
}
],
"id": "CVE-2021-44228",
"lastModified": "2024-11-21T06:30:38.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-10T10:15:09.143",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link",
"Product",
"US Government Resource"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Jul/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/cisagov/log4j-affected-db"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Product",
"US Government Resource"
],
"url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://twitter.com/kurtseifried/status/1469345530182455296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-917"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}