All the vulnerabilites related to juniper - session_and_resource_control
cve-2021-31352
Vulnerability from cvelistv5
Published
2021-10-19 18:16
Modified
2024-09-16 19:20
Severity ?
EPSS score ?
Summary
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11217 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | SRC Series |
Version: unspecified < 4.13.0-R6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SRC Series",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "4.13.0-R6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "A sample configuration of NETCONF over SSH is shown below:\n\n netconf {\n ssh {\n port 830;\n }\n }"
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:16:33",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11217"
}
],
"solutions": [
{
"lang": "en",
"value": "A hotfix has been created to resolve this issue. Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n\u2022 Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n\u2022 KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained. Administrators should reset their cipher configuration by typing:\n root@src# delete system services netconf ssh\n root@src# commit\n Stopping NETCONF/SSH:\n commit complete.\n\n root@src# set system services netconf ssh"
}
],
"source": {
"advisory": "JSA11217",
"defect": [
"1568322"
],
"discovery": "INTERNAL"
},
"title": "SRC Series: NETCONF over SSH allows negotiation of weak ciphers",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31352",
"STATE": "PUBLIC",
"TITLE": "SRC Series: NETCONF over SSH allows negotiation of weak ciphers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SRC Series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.13.0-R6"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "A sample configuration of NETCONF over SSH is shown below:\n\n netconf {\n ssh {\n port 830;\n }\n }"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11217",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11217"
}
]
},
"solution": [
{
"lang": "en",
"value": "A hotfix has been created to resolve this issue. Contact Juniper Networks Technical Support to request the hotfix.\n\nWeak ciphers are now disabled by default. Only the following ciphers and key-exchange (KEX) algorithms are now enabled by default:\n\n\u2022 Ciphers: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\n\u2022 KEX Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1\n\nNote: After upgrading to a fixed release, any manually configured weak ciphers or KEX algorithms for NETCONF will be retained. Administrators should reset their cipher configuration by typing:\n root@src# delete system services netconf ssh\n root@src# commit\n Stopping NETCONF/SSH:\n commit complete.\n\n root@src# set system services netconf ssh"
}
],
"source": {
"advisory": "JSA11217",
"defect": [
"1568322"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31352",
"datePublished": "2021-10-19T18:16:33.308361Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T19:20:18.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31381
Vulnerability from cvelistv5
Published
2021-10-19 18:17
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11248 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | SRC Series |
Version: unspecified < 4.12.0R5 Version: 4.13.0 < 4.13.0R3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SRC Series",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "4.12.0R5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.13.0R3",
"status": "affected",
"version": "4.13.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:17:23",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11248"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11248",
"defect": [
"1487223"
],
"discovery": "USER"
},
"title": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to delete files",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31381",
"STATE": "PUBLIC",
"TITLE": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to delete files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SRC Series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.12.0R5"
},
{
"version_affected": "\u003c",
"version_name": "4.13.0",
"version_value": "4.13.0R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11248",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11248"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11248",
"defect": [
"1487223"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31381",
"datePublished": "2021-10-19T18:17:23.187566Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T17:08:17.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0960
Vulnerability from cvelistv5
Published
2008-06-10 18:00
Modified
2024-08-07 08:01
Severity ?
EPSS score ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-0960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30615"
},
{
"name": "http://support.apple.com/kb/HT2163",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30648"
},
{
"name": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"refsource": "MLIST",
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-006.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30802"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=833770",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-0960",
"datePublished": "2008-06-10T18:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31380
Vulnerability from cvelistv5
Published
2021-10-19 18:17
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://kb.juniper.net/JSA11248 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Juniper Networks | SRC Series |
Version: unspecified < 4.12.0R5 Version: 4.13.0 < 4.13.0R3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SRC Series",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "4.12.0R5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.13.0R3",
"status": "affected",
"version": "4.13.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-19T18:17:21",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11248"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11248",
"defect": [
"1487222"
],
"discovery": "USER"
},
"title": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2021-10-13T16:00:00.000Z",
"ID": "CVE-2021-31380",
"STATE": "PUBLIC",
"TITLE": "SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SRC Series",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.12.0R5"
},
{
"version_affected": "\u003c",
"version_name": "4.13.0",
"version_value": "4.13.0R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11248",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11248"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 4.12.0R5, 4.13.0R3, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11248",
"defect": [
"1487222"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue.\n\nTo reduce the risk of exploitation utilize common security BCPs to limit the exploitable surface by limiting access to network and device to trusted systems, administrators, networks and hosts."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2021-31380",
"datePublished": "2021-10-19T18:17:21.571211Z",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-09-16T18:28:42.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-06-10 18:32
Modified
2024-11-21 00:43
Severity ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:catos:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAC7FBF-2493-42CA-9B23-20AF09F0DDA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:catos:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE64E4C4-BACE-404F-966D-415976781DC4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:catos:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "377F951F-C2D8-441D-A532-F62E23937F94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:catos:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34A3A284-36A9-4E8C-815D-6E2FE4C158DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.0:s:*:*:*:*:*:*",
"matchCriteriaId": "A5823F33-7FB3-465B-8017-1866D9EF3AA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.0:sy:*:*:*:*:*:*",
"matchCriteriaId": "94870E9E-C883-4051-8854-CDE0AE7A64B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.1:e:*:*:*:*:*:*",
"matchCriteriaId": "85C2FF9C-7730-4DBF-8C86-1EF0F1E71D8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:ewa:*:*:*:*:*:*",
"matchCriteriaId": "4A4AFC06-85C5-4AD0-A409-27F9AF398D7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:jk:*:*:*:*:*:*",
"matchCriteriaId": "EB593071-BB5A-47AD-B9C6-59D2010F6280",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sb:*:*:*:*:*:*",
"matchCriteriaId": "74382B2D-E9A6-453D-9C07-F959EAB4C075",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sg:*:*:*:*:*:*",
"matchCriteriaId": "B3D93383-BD5A-4052-B724-055F6FCFC314",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sga:*:*:*:*:*:*",
"matchCriteriaId": "6B1E3C39-163D-4A99-AC96-2EE388305000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sra:*:*:*:*:*:*",
"matchCriteriaId": "90710000-F963-4F36-9EE1-C3CE1CECDCA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:srb:*:*:*:*:*:*",
"matchCriteriaId": "5F4F8B9E-B2AB-4545-8ACF-8F03E636E842",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:src:*:*:*:*:*:*",
"matchCriteriaId": "6E2D6402-D2AF-4817-8A46-1FA9B17B720C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sxb:*:*:*:*:*:*",
"matchCriteriaId": "79BB5494-735D-424B-8B41-2FAECE1A7AD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sxd:*:*:*:*:*:*",
"matchCriteriaId": "FD6178BC-9741-4FC1-87DA-A5407B3A4F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sxf:*:*:*:*:*:*",
"matchCriteriaId": "2A419BD7-6345-43D8-B69C-2255E2EF6FD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:zl:*:*:*:*:*:*",
"matchCriteriaId": "B472DEEE-148A-46B4-BCBC-0A9F62F38B31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:zy:*:*:*:*:*:*",
"matchCriteriaId": "23305EBA-11D5-417E-823E-39D0D052839D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8D0F64-5DE1-4A6F-91F0-8A8509BF077F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:b:*:*:*:*:*:*",
"matchCriteriaId": "95418AD2-FB85-4E20-B874-D82DDF88BC91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:ja:*:*:*:*:*:*",
"matchCriteriaId": "14D1B81D-95E4-4945-94F2-C36FD7C0DC55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jeb:*:*:*:*:*:*",
"matchCriteriaId": "452FF154-F6C0-4BC4-969E-1D49AA3CCE49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jk:*:*:*:*:*:*",
"matchCriteriaId": "3AB6C57C-8805-443F-8ACE-83DAA48878CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jl:*:*:*:*:*:*",
"matchCriteriaId": "554C9611-55F1-40AF-9862-7E902D5CE1D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jx:*:*:*:*:*:*",
"matchCriteriaId": "F89C185A-D3B3-4F5F-9249-F8EE89E8DD04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:t:*:*:*:*:*:*",
"matchCriteriaId": "EEB0B55E-3579-4929-862F-C5FF9F796AE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xa:*:*:*:*:*:*",
"matchCriteriaId": "8E8E34D3-0BCB-4D19-A41C-0375941E1B21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xg:*:*:*:*:*:*",
"matchCriteriaId": "09CBD68E-2A5C-43DF-9AD6-DE07815821B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xi:*:*:*:*:*:*",
"matchCriteriaId": "01393D91-ED1D-460D-8621-10260F0CBDD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xk:*:*:*:*:*:*",
"matchCriteriaId": "8AB2FF53-5991-4264-B5CC-D1E45460BFCE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xr:*:*:*:*:*:*",
"matchCriteriaId": "1A1FAF42-B7B1-40B0-A0F7-5DF821E6193F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yf:*:*:*:*:*:*",
"matchCriteriaId": "1BE94EA2-E0CC-4760-94A8-DE56C8181F74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yi:*:*:*:*:*:*",
"matchCriteriaId": "929836AD-8128-4174-872D-B9638B54611C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yt:*:*:*:*:*:*",
"matchCriteriaId": "5ED5B53D-930D-477E-A0F6-76167AE67641",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yx:*:*:*:*:*:*",
"matchCriteriaId": "84983F6A-64F6-4720-9291-FC84CA10EE25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A60117-E4D1-4741-98A2-E643A26616A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:t:*:*:*:*:*:*",
"matchCriteriaId": "156B91B9-1F5B-4E83-A2B7-A5B7F272D5B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xa:*:*:*:*:*:*",
"matchCriteriaId": "C9E90E83-1732-4BEF-BC5B-401769DC8880",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xc:*:*:*:*:*:*",
"matchCriteriaId": "51679B26-DF28-4E41-9801-E1599F250FFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xd:*:*:*:*:*:*",
"matchCriteriaId": "E989900F-BE66-47E4-9A1B-11B9785F89BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xe:*:*:*:*:*:*",
"matchCriteriaId": "95A01B7E-8231-4001-A340-31CE66474FDA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xj:*:*:*:*:*:*",
"matchCriteriaId": "3CC62D3B-A287-4DED-A44D-3351452D4A55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xw:*:*:*:*:*:*",
"matchCriteriaId": "687E91FF-957E-449F-BDD6-85AA59E1E0D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79528F96-FD42-4A76-82EE-4B1324D53B5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D626B494-6210-4F74-8D17-BA480B6665C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82B6315D-7BEF-419F-9B93-3CF669E986D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33CCFFC6-9D26-4C39-AF76-0B8FCDE743CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB31FAC-D720-4BF1-BFCC-0A9B714E292A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "904CA41E-8168-41DE-AE84-941962A7BB71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D69F8FA-D58A-4F53-86D8-A20C73E9B299",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD331C50-DB93-4001-B56A-C1012F894CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75538529-611A-43B5-AC4D-089C4E2E2ACC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F992D03D-1DB8-44C1-B59D-1C09A32A2C91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8BC298-4AF9-4281-9AD9-0D8F621E46B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FE436B-2117-4FB4-B550-8454848D1D58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:nx_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69D2BD63-C110-4E89-B239-4A59E20AB78E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:nx_os:4.0.1:a:*:*:*:*:*:*",
"matchCriteriaId": "43E5FFB6-861D-4F91-B3C9-C5E57DDD25C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:nx_os:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD3BD3D-767D-483D-9FFE-D23AA2E228E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6762126F-55E4-4963-99F5-206A46979E7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1945B97A-8276-4EE2-8F76-5F0C0956DF18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8CA81F-2AB6-45F8-8AAE-BF6A7EDA73D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2452913-0513-46BB-A52E-8FA12D77B570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "5D967624-23B1-48BB-91DB-1E1C18AAAD85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18CCF3B9-CA7D-4D37-BD2C-1B74586B98A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0AB8C2-EE95-48AA-98B7-B6ED40494A0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77930529-89BE-463D-8259-3D67D153284A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "743DEB17-3BE3-4278-A54B-2CE547DB9F31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCAF8C2-0E4E-4474-BD1E-F28A6EAEF8F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BCA127-F5F3-418F-890D-6B1C03019590",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5A2C2F-ABF4-46B0-80AB-867B97AE5237",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE83150C-456E-462A-A0F1-ED8EAD60D671",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5B2431-335C-461B-B07F-88267EA71DCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9DBA8E67-021A-4D07-94B9-943A8E1C4468",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905D1F04-CDFD-4BAD-8939-5ABC70A874E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00878E69-2721-43E3-A853-D3DCFE5C258D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C51799BB-D931-436C-8C94-558956AC880A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ACC549-B5AF-4F5C-A3FE-257AA6D80C7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D498D406-A453-4119-BBA1-4709CF5862AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D68555E-BEB9-4F1E-8D6D-C313FB501523",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B44A0D4-3020-414B-81D7-679E8441E182",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:10.0:unkown:x86:*:*:*:*:*",
"matchCriteriaId": "B76A8BD4-E53F-49A6-946B-6E672DD0419C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_10_6504_bundle_with_4_gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C6B46B-13E2-4DA4-9EF2-007893034269",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_10_6509_bundle_with_8_gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C501EB-CF9F-437D-A7C0-2A12F1D5E171",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_10_service_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "538FE81A-2FD9-4A7C-AEC7-8FCE98DADBE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_20_6504_bundle_with__4gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15D3471D-6267-4481-8BBD-BFC106E8F30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_20_6509_bundle_with_8gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13FB3C8A-87D3-4601-BD97-2B9F9FA8CA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_20_service_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0292228-80D8-4BA4-8662-698D7003D7D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_xml_gateway:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "522C9080-86A6-40A8-905C-73187DAF83F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_xml_gateway:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1B7A18-F230-44D4-801E-8284085CA1DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9120:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E62CC4C-89A7-4594-BDD8-394211889220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9124:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E152F995-BCD2-4725-A47C-1A5E7D6B9005",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9134:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51E38404-ED69-4B0E-A035-2AF5E0649CC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9140:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90F0A06-A634-4BD0-A477-90BD3384B7D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "346E0D1B-CF9E-48BC-AE7A-F8CEF09F6741",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0123D2ED-3983-45D3-B54A-3E75FCE99C6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66CA6C29-1DF1-46E3-BDCA-9ED72D3E6731",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E50E974E-87F5-45A2-88BA-B1E4913E3DAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AB25CC-BB96-4675-98D7-C5FF30C24014",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7C95AD-3D5F-458B-A761-5D7779FEA327",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E4A3F6-5D89-47D0-84AD-601682399D8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C700A36D-5FB4-475D-BE85-74511830870A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02060365-1D67-4611-8D79-B9FC354EBF99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "194BD880-F672-4492-8356-B14C8DA8C2DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D769FC-3081-48F8-BBF1-3964F3F8B569",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A966DB26-8A52-4F4D-9C0E-8A8719A195AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6675DF0-963A-4091-9786-7CE3337EE47E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77A94931-8584-4021-A5BB-83FF22D54955",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F06FB120-9BB3-4363-B2A2-A3475993FDFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8229DE3A-B9CB-44FF-8409-51E09DDED479",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAD7A89-294A-45DA-B5F5-C69F7FCC4A5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2699E7A6-7B3A-4C4C-9472-B8B6B547624D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D913348F-351C-4D78-A0AA-27B355D52235",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E88A46-CEC7-46D5-9697-232E18531FD5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F16B8D0-81F5-4ECE-8276-EC30DDCCE1A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECFBAFE-9267-469A-A97F-F716969B247C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48F839C7-7B33-4BF6-9ACF-76F32F5D7C72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1559E6-E7B6-4B5B-8841-CF502E05BA46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F041246F-5B7F-4F63-9E81-02465C9062C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB78013-DEE9-438E-ABD1-5E3D932177BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D77447C3-AA72-4CAB-A0B1-0883D41AD064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "473038C0-1644-4FF2-A1DA-BCB8A7CD1CA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C3F04F-7581-4DCA-970D-9FCBB56EA724",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABF04A7-8230-4AB9-8D66-DF1463037823",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC205E36-7027-4A9B-8574-9BB9C68007A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69C55DD7-986A-4AB6-8F61-5A5D26531011",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84DDD7E4-D5D7-4341-9482-2B918306578D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14A3C59C-6A3D-477B-B425-1C085D6951E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31AA57F4-5023-4333-9F19-C9D362E8E495",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "063034FF-0AB8-4D78-9822-0DCA9657C853",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67477EC7-363E-45B5-BA53-1A4E9FB20CDE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78E11F95-E635-465C-BD7F-5F7E9192DEAC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74F145F0-573E-4CBC-AB69-3B77D6F9A540",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49DA7D86-8845-43CA-80DC-3D794322CB28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD34FEB-7956-44AE-A510-2E5F9EF61651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DEF5098-3791-4CEB-A436-2809A4385D27",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D895880-FB98-4472-A164-458CE086F339",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7912AA3-0469-479E-9C5A-53F20E504956",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8677C6C8-39CA-492A-A196-9DFAF892120C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51FA6F2A-8444-4BB2-B7F2-B97AEFFF9E27",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60E46CAD-0032-4CD6-AA2A-871E1DFC3A35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22CE55DE-00CA-4F87-9CA0-80A360E332FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63DC81FA-A6B4-41DC-8097-8944D06A2451",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB87853E-CAFF-48D8-9C56-A2DE325235D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "61E35451-BEE3-412A-8706-5522C00BE1DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E599E0CE-CCB7-4A30-8AA9-45BBC11AFEC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F45326B3-CC4E-4C3A-9819-28936A0432F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBF1A78-7190-4326-84BD-C18CC354DA38",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D97FFBA0-2E80-40EF-A4AC-F26D3490371E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A442F5B-5A1A-4CD0-B693-851FFB917E5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "074BCB70-AD66-4141-9DD3-9DE73BDCB0F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "646BF70F-CB7B-48E3-8563-E089E1CECD11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD34A7B-508C-45F2-8725-FE42398D3652",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2785732-A5C7-434E-B45D-13138B574F45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "989A4E8A-F23D-4BF5-B860-FB7B04A1CE56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A07E1241-24BE-48D3-B737-56B2AAA3AF64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB751FD-CCCA-4131-A24F-65DEF1128B26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D106F4E4-4B41-4002-8C34-6A9C3A0FF640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863583DC-DD93-46DC-BA06-0B838CDB2565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:src_pe:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D50E1B4-A64E-45D5-8A44-947DE7B8AAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:src_pe:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5F1A8F-5ED9-4ED0-A336-A0E4A439E6F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n SNMPv3 HMAC en (1) Net-SNMP versi\u00f3n 5.2.x anterior a 5.2.4.1, versi\u00f3n 5.3.x anterior a 5.3.2.1 y versi\u00f3n 5.4.x anterior a 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series versi\u00f3n 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (tambi\u00e9n se conoce como Network Appliance) ONTAP versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versi\u00f3n anterior a 16.2; (7) m\u00faltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall versi\u00f3n 3.1.0 y posterior y SIParator versi\u00f3n 3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent versi\u00f3n 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticaci\u00f3n SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte."
}
],
"id": "CVE-2008-0960",
"lastModified": "2024-11-21T00:43:19.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-10T18:32:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"source": "cret@cert.org",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "cret@cert.org",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "cret@cert.org",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30574"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30596"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/30612"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30615"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30626"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30647"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30648"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30665"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30802"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31334"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31351"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31467"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31568"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32664"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33003"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/35463"
},
{
"source": "cret@cert.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"source": "cret@cert.org",
"url": "http://securityreason.com/securityalert/3933"
},
{
"source": "cret@cert.org",
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"source": "cret@cert.org",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"source": "cret@cert.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"source": "cret@cert.org",
"url": "http://support.apple.com/kb/HT2163"
},
{
"source": "cret@cert.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"source": "cret@cert.org",
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"source": "cret@cert.org",
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"source": "cret@cert.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1020218"
},
{
"source": "cret@cert.org",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"source": "cret@cert.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"source": "cret@cert.org",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"source": "cret@cert.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"source": "cret@cert.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"source": "cret@cert.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"source": "cret@cert.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"source": "cret@cert.org",
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"source": "cret@cert.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"source": "cret@cert.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"source": "cret@cert.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT2163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-19 19:15
Modified
2024-11-21 06:05
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11248 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11248 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | session_and_resource_control | * | |
| juniper | session_and_resource_control | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3DEF7F-E8BF-4BB8-9989-8D4CFAE5539A",
"versionEndExcluding": "4.12.0r5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0478F1B6-0A80-4CE2-9AF5-251A02BBAC5F",
"versionEndExcluding": "4.13.0r3",
"versionStartIncluding": "4.13.0r1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system."
},
{
"lang": "es",
"value": "Una debilidad de configuraci\u00f3n en el componente JBoss Application Server (AppSvr) de Juniper Networks SRC Series permite a un atacante remoto enviar una consulta especialmente dise\u00f1ada para causar que el servidor web elimine archivos, lo que puede permitir al atacante interrumpir la integridad y disponibilidad del sistema"
}
],
"id": "CVE-2021-31381",
"lastModified": "2024-11-21T06:05:33.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-19T19:15:11.193",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11248"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
},
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-19 19:15
Modified
2024-11-21 06:05
Severity ?
Summary
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11248 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11248 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | session_and_resource_control | * | |
| juniper | session_and_resource_control | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3DEF7F-E8BF-4BB8-9989-8D4CFAE5539A",
"versionEndExcluding": "4.12.0r5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0478F1B6-0A80-4CE2-9AF5-251A02BBAC5F",
"versionEndExcluding": "4.13.0r3",
"versionStartIncluding": "4.13.0r1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information."
},
{
"lang": "es",
"value": "Una debilidad de configuraci\u00f3n en el componente JBoss Application Server (AppSvr) de Juniper Networks SRC Series permite a un atacante remoto enviar una consulta especialmente dise\u00f1ada para causar que el servidor web revele informaci\u00f3n confidencial en la respuesta HTTP, lo que permite al atacante conseguir informaci\u00f3n confidencial"
}
],
"id": "CVE-2021-31380",
"lastModified": "2024-11-21T06:05:33.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2021-10-19T19:15:11.133",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11248"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
},
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-19 19:15
Modified
2024-11-21 06:05
Severity ?
Summary
An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| sirt@juniper.net | https://kb.juniper.net/JSA11217 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.juniper.net/JSA11217 | Exploit, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| juniper | session_and_resource_control | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F859871E-2194-4F8D-8978-26A032CF77D1",
"versionEndExcluding": "4.130r6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain sensitive information. A remote attacker with read and write access to network data could exploit this vulnerability to display plaintext bits from a block of ciphertext and obtain sensitive information. This issue affects all Juniper Networks SRC Series versions prior to 4.13.0-R6."
},
{
"lang": "es",
"value": "Una vulnerabilidad de exposici\u00f3n de informaci\u00f3n en los dispositivos de Juniper Networks SRC Series configurados para NETCONF sobre SSH permite una negociaci\u00f3n de cifrados d\u00e9biles, lo que podr\u00eda permitir a un atacante remoto conseguir informaci\u00f3n confidencial. Un atacante remoto con acceso de lectura y escritura a los datos de la red podr\u00eda aprovechar esta vulnerabilidad para mostrar bits de texto plano de un bloque de texto cifrado y conseguir informaci\u00f3n confidencial. Este problema afecta a todas las versiones de Juniper Networks SRC Series anteriores a 4.13.0-R6"
}
],
"id": "CVE-2021-31352",
"lastModified": "2024-11-21T06:05:28.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "sirt@juniper.net",
"type": "Secondary"
}
]
},
"published": "2021-10-19T19:15:08.660",
"references": [
{
"source": "sirt@juniper.net",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "https://kb.juniper.net/JSA11217"
}
],
"sourceIdentifier": "sirt@juniper.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "sirt@juniper.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}