Search criteria

48 vulnerabilities by FreeRadius

CVE-2024-3596 (GCVE-0-2024-3596)

Vulnerability from cvelistv5 – Published: 2024-07-09 12:02 – Updated: 2026-05-12 11:30
VLAI
Title
RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Severity
9 (Critical)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
IETF RFC Affected: 2865
Create a notification for this product.
Credits
Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "rfc",
            "vendor": "ietf",
            "versions": [
              {
                "status": "affected",
                "version": "2865"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-3596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T03:55:37.141738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-04T21:05:25.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:20:52.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240822-0001/"
          },
          {
            "url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc2865"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.blastradius.fail/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/456537"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "CPC80 Central Processing/Communication",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V16.51",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "CPCI85 Central Processing/Communication",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "POWER METER SICAM Q100 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.70",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "POWER METER SICAM Q200 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.83",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "Powerlink IP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM APE1808",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM APE1808",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM CROSSBOW",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i800",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i800NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i801",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i801NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i802",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i802NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i803",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM i803NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM M2100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM M2100NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM M2200",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM M2200NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM M969",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM M969NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RM1224 LTE(4G) EU",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RMC30",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RMC30NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RMC8388 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RMC8388 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RMC8388NC V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RMC8388NC V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX MX5000RE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1400",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1500",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1501",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1510",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1511",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1512",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1524",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX1536",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM ROX RX5000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.17.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RP110",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RP110NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS1600",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS1600F",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS1600FNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS1600NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS1600T",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS1600TNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS400",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS400NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS401",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS401NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416NCv2 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416NCv2 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416PNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416PNCv2 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416PNCv2 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416Pv2 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416Pv2 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416v2 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS416v2 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000A",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000ANC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000H",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000HNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000T",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS8000TNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900 (32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900 (32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900G (32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900G (32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900GNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900GNC(32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900GNC(32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900GP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900GPNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900L",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900LNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900M-GETS-C01",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900M-GETS-XX",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900M-STND-C01",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900M-STND-XX",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900MNC-GETS-C01",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900MNC-GETS-XX",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900MNC-STND-XX",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900MNC-STND-XX-C01",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900NC(32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900NC(32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS900W",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS910",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS910L",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS910LNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS910NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS910W",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS920L",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS920LNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS920W",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS930L",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS930LNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS930W",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS940G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS940GNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS969",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RS969NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100 (32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100 (32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100NC(32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100NC(32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100P (32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100P (32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100PNC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100PNC (32M) V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2100PNC (32M) V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2200",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2200NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2288 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2288 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2288NC V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2288NC V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300NC V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300NC V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300P V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300P V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300PNC V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2300PNC V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2488 V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2488 V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2488NC V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG2488NC V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG907R",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG908C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG909R",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG910C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG920P V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG920P V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG920PNC V4.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSG920PNC V5.X",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSL910",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RSL910NC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2228",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2228P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST916C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST916P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M804PB",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M812-1 ADSL-Router",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M812-1 ADSL-Router",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M816-1 ADSL-Router",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M816-1 ADSL-Router",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M826-2 SHDSL-Router",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M874-2",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M874-3",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M874-3 3G-Router (CN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M876-3",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M876-3 (ROK)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M876-4",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M876-4 (EU)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE M876-4 (NAM)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM853-1 (A1)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM853-1 (B1)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM853-1 (EU)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM856-1 (A1)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM856-1 (B1)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM856-1 (CN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM856-1 (EU)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE MUM856-1 (RoW)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE S615 EEC LAN-Router",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE S615 LAN-Router",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE SC622-2C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE SC626-2C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE SC632-2C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE SC636-2C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE SC642-2C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE SC646-2C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W1748-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W1748-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W1788-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W1788-2 EEC M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W1788-2 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W1788-2IA M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W721-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W721-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W722-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W722-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W722-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W734-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W734-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W734-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W734-1 RJ45 (USA)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W738-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W738-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W748-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W748-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W748-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W748-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W761-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W761-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W774-1 M12 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W774-1 M12 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W774-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W774-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W774-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W774-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W774-1 RJ45 (USA)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W778-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W778-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W778-1 M12 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W778-1 M12 EEC (USA)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-2 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-2 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-2 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-2 SFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-2 SFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-2IA RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W786-2IA RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-1 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-1 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 M12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 M12 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 M12 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 M12 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE W788-2 RJ45",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V6.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAB762-1",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM763-1",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM763-1 (ME)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM763-1 (US)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM766-1",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM766-1 (ME)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM766-1 (US)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM766-1 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM766-1 EEC (ME)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WAM766-1 EEC (US)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUB762-1",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUB762-1 iFeatures",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUM763-1",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUM763-1",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUM763-1 (US)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUM763-1 (US)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUM766-1",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUM766-1 (ME)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE WUM766-1 (USA)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (230V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (24V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (2x 230V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (2x 230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (2x 24V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X302-7 EEC (2x 24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X304-2FE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X306-1LD FE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (230V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (24V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (2x 230V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (2x 230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (2x 24V, coated)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-2 EEC (2x 24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-3",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-3",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-3LD",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X307-3LD",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2LD",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2LD",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2LH",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2LH",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2LH+",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2LH+",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2M",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2M",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2M PoE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2M PoE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2M TS",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X308-2M TS",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X310",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X310",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X310FE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X310FE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X320-1 FE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X320-1-2LD FE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE X408-2",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB205-3 (SC, PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB205-3 (ST, E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB205-3 (ST, E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB205-3 (ST, PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB205-3LD (SC, E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB205-3LD (SC, PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB206-2 (SC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB206-2 (ST/BFOC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB206-2 LD",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB206-2 SC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB206-2 ST",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB206-2LD",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB208 (E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB208 (PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB213-3 (SC, E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB213-3 (SC, PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB213-3 (ST, E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB213-3 (ST, PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB213-3LD (SC, E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB213-3LD (SC, PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB216 (E/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XB216 (PN)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2 (SC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2 (ST/BFOC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2G PoE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2G PoE (54 V DC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2SFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2SFP EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2SFP G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2SFP G (EIP DEF.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC206-2SFP G EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC208",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC208EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC208G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC208G (EIP def.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC208G EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC208G PoE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC208G PoE (54 V DC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216-3G PoE",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216-3G PoE (54 V DC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216-4C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216-4C G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216-4C G (EIP Def.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216-4C G EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC216EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC224",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC224-4C G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC224-4C G (EIP Def.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC224-4C G EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC316-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC324-4",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC324-4 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC332",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC416-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC424-4",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC432",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCH328",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM324",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM328",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM332",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XF204",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XF204 DNA",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XF204-2BA",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XF204-2BA DNA",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XF204G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XM408-4C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XM408-4C (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XM408-8C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XM408-8C (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XM416-4C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XM416-4C (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208 (Ethernet/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208G EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208G PoE EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208G PP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208PoE EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP208PoE EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216 (Ethernet/IP)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216 (V2)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216EEC (V2)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216G",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216G EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216G PoE EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216POE EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XP216PoE EEC (V2)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR302-32",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR302-32",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR302-32",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR322-12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR322-12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR322-12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (230V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (230V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (230V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (230V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M (24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M TS (24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-12M TS (24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (230V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (230V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324WG (24 x FE, AC 230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR324WG (24 X FE, DC 24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR326-2C PoE WG",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR326-2C PoE WG (without UL)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR326-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR326-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR326-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR326-8 EEC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR502-32",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR502-32",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR502-32",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR522-12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR522-12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR522-12",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8C, 1x230V",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8C, 1x230V (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8C, 24V",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8C, 24V (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8C, 2x230V",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8C, 2x230V (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8WG",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8WG",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8WG",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR524-8WG",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8C, 1x230V",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8C, 1x230V (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8C, 24V",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8C, 24V (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8C, 2x230V",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR526-8C, 2x230V (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR528-6M",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR528-6M (2HR2, L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR528-6M (2HR2)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR528-6M (L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR552-12M",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR552-12M (2HR2, L3 int.)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR552-12M (2HR2)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XR552-12M (2HR2)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230 V AC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230 V AC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24 V DC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24 V DC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SICAM AK 3",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SICAM BC",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SICAM GridEdge (Classic)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SICAM GridEdge Applications for SICAM 8 Platform",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SICAM GridPass",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.50",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SICAM TM",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SICORE Base system",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.20.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SINEC INS",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V1.0 SP2 Update 4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS NET SCALANCE X308-2",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.1.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS NET SCALANCE XC206-2",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS NET SCALANCE XC206-2SFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS NET SCALANCE XC208",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS NET SCALANCE XC216-4C",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 - CP200 Devices",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD84 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD89 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MD89 (CP300) V9.6x",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.68",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 6MU85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7KE85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SA82 (CP100)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.90",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SA82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SA86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SA87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SD82 (CP100)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.90",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SD82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SD86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SD87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ81 (CP100)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.90",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ81 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ82 (CP100)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.90",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SJ86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SK82 (CP100)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.90",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SK82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SK85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SL82 (CP100)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.90",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SL82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SL86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SL87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SS85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7ST85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7ST85 (CP300) V9.6x",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.68",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7ST86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7ST86 (CP300) V9.8x",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V9.83",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SX82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SX85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7SY82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UM85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT82 (CP100)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V8.90",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT82 (CP150)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT86 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7UT87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7VE85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7VK87 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "V7.80",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 7VU85 (CP300)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPROTEC 5 Compact 7SX800 (CP050)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V10.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:30:39.787Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-770770.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RFC",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "2865"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-03T17:29:16.788Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc2865"
        },
        {
          "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
        },
        {
          "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
        },
        {
          "url": "https://www.blastradius.fail/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT for  SIPROTEC, SICAM and related product",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-794185.html"
        },
        {
          "name": "Siemens Security Advisory by Siemens ProductCERT to SCALANCE, RUGGEDCOM and related products.",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-723487.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.",
      "x_generator": {
        "engine": "VINCE 3.0.4",
        "env": "prod",
        "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2024-3596",
    "datePublished": "2024-07-09T12:02:53.001Z",
    "dateReserved": "2024-04-10T15:09:45.391Z",
    "dateUpdated": "2026-05-12T11:30:39.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-41860 (GCVE-0-2022-41860)

Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI
Summary
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a freeradius Affected: All versions from 0.9.3 to 3.0.25
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:27:38.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41860",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T16:39:17.283850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T16:39:35.420Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "freeradius",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions from 0.9.3 to 3.0.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://freeradius.org/security/"
        },
        {
          "url": "https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-41860",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-11-03T19:27:38.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-41859 (GCVE-0-2022-41859)

Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI
Summary
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a freeradius Affected: unknown
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:27:37.502Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41859",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T16:40:02.278497Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T16:40:36.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "freeradius",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://freeradius.org/security/"
        },
        {
          "url": "https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-41859",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-11-03T19:27:37.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-41861 (GCVE-0-2022-41861)

Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-11-03 19:27
VLAI
Summary
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a freeradius Affected: All versions from 0.0.1 to 3.0.25
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:27:40.244Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T16:27:46.890633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T16:28:17.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "freeradius",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions from 0.0.1 to 3.0.25"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://freeradius.org/security/"
        },
        {
          "url": "https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-41861",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-11-03T19:27:40.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2019-17185 (GCVE-0-2019-17185)

Vulnerability from cvelistv5 – Published: 2020-03-21 00:13 – Updated: 2024-08-05 01:33
VLAI
Summary
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:17.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
          },
          {
            "name": "openSUSE-SU-2020:0553",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-26T17:06:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freeradius.org/security/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
        },
        {
          "name": "openSUSE-SU-2020:0553",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://freeradius.org/security/",
              "refsource": "MISC",
              "url": "https://freeradius.org/security/"
            },
            {
              "name": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20",
              "refsource": "CONFIRM",
              "url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
            },
            {
              "name": "openSUSE-SU-2020:0553",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17185",
    "datePublished": "2020-03-21T00:13:05.000Z",
    "dateReserved": "2019-10-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:33:17.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-9542 (GCVE-0-2015-9542)

Vulnerability from cvelistv5 – Published: 2020-02-24 14:14 – Updated: 2024-08-06 08:51
VLAI
Summary
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
https://github.com/FreeRADIUS/pam_radius/commit/0… x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… x_refsource_CONFIRM
https://usn.ubuntu.com/4290-1/ vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4290-2/ vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2020… mailing-listx_refsource_MLIST
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:51:05.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0"
          },
          {
            "name": "[debian-lts-announce] 20200222 [SECURITY] [DLA 2116-1] libpam-radius-auth security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542"
          },
          {
            "name": "USN-4290-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4290-1/"
          },
          {
            "name": "USN-4290-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4290-2/"
          },
          {
            "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2304-1] libpam-radius-auth security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-01T19:06:06.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0"
        },
        {
          "name": "[debian-lts-announce] 20200222 [SECURITY] [DLA 2116-1] libpam-radius-auth security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542"
        },
        {
          "name": "USN-4290-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4290-1/"
        },
        {
          "name": "USN-4290-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4290-2/"
        },
        {
          "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2304-1] libpam-radius-auth security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0",
              "refsource": "MISC",
              "url": "https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0"
            },
            {
              "name": "[debian-lts-announce] 20200222 [SECURITY] [DLA 2116-1] libpam-radius-auth security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542"
            },
            {
              "name": "USN-4290-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4290-1/"
            },
            {
              "name": "USN-4290-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4290-2/"
            },
            {
              "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2304-1] libpam-radius-auth security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9542",
    "datePublished": "2020-02-24T14:14:13.000Z",
    "dateReserved": "2020-02-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:51:05.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13456 (GCVE-0-2019-13456)

Vulnerability from cvelistv5 – Published: 2019-12-03 19:53 – Updated: 2024-08-04 23:49
VLAI
Summary
In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:49:25.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpa3.mathyvanhoef.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
          },
          {
            "name": "openSUSE-SU-2020:0553",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-26T17:06:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freeradius.org/security/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpa3.mathyvanhoef.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
        },
        {
          "name": "openSUSE-SU-2020:0553",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-13456",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://freeradius.org/security/",
              "refsource": "MISC",
              "url": "https://freeradius.org/security/"
            },
            {
              "name": "https://wpa3.mathyvanhoef.com",
              "refsource": "MISC",
              "url": "https://wpa3.mathyvanhoef.com"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737663"
            },
            {
              "name": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa",
              "refsource": "CONFIRM",
              "url": "https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa"
            },
            {
              "name": "openSUSE-SU-2020:0553",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00039.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13456",
    "datePublished": "2019-12-03T19:53:53.000Z",
    "dateReserved": "2019-07-09T00:00:00.000Z",
    "dateUpdated": "2024-08-04T23:49:25.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-10143 (GCVE-0-2019-10143)

Vulnerability from cvelistv5 – Published: 2019-05-24 00:00 – Updated: 2024-08-04 22:10 Disputed
VLAI
Summary
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
Severity
6.4 (Medium)
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
freeradius freeradius Affected: affects <= 3.0.19
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freeradius",
            "vendor": "freeradius",
            "versions": [
              {
                "lessThanOrEqual": "3.0.19",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fedora",
            "vendor": "fedoraproject",
            "versions": [
              {
                "status": "affected",
                "version": "30"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fedora",
            "vendor": "fedoraproject",
            "versions": [
              {
                "status": "affected",
                "version": "29"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_linux",
            "vendor": "redhat",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-10143",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-01T19:23:06.388705Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:24:21.005Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:10.031Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2019-4a8eeaf80e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
          },
          {
            "name": "FEDORA-2019-9454ce61b2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
          },
          {
            "name": "RHSA-2019:3353",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3353"
          },
          {
            "name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Nov/14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "freeradius",
          "vendor": "freeradius",
          "versions": [
            {
              "status": "affected",
              "version": "affects \u003c= 3.0.19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\""
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-12T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2019-4a8eeaf80e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"
        },
        {
          "name": "FEDORA-2019-9454ce61b2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"
        },
        {
          "name": "RHSA-2019:3353",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3353"
        },
        {
          "name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Nov/14"
        },
        {
          "url": "https://freeradius.org/security/"
        },
        {
          "url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"
        },
        {
          "url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10143",
    "datePublished": "2019-05-24T00:00:00.000Z",
    "dateReserved": "2019-03-27T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:10:10.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-11235 (GCVE-0-2019-11235)

Vulnerability from cvelistv5 – Published: 2019-04-21 16:40 – Updated: 2024-08-04 22:48
VLAI
Summary
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:08.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/871675/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
          },
          {
            "name": "USN-3954-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3954-1/"
          },
          {
            "name": "openSUSE-SU-2019:1346",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
          },
          {
            "name": "RHSA-2019:1131",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1131"
          },
          {
            "name": "RHSA-2019:1142",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1142"
          },
          {
            "name": "openSUSE-SU-2019:1394",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2020:0542",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-23T15:06:24.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kb.cert.org/vuls/id/871675/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freeradius.org/security/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
        },
        {
          "name": "USN-3954-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3954-1/"
        },
        {
          "name": "openSUSE-SU-2019:1346",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
        },
        {
          "name": "RHSA-2019:1131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1131"
        },
        {
          "name": "RHSA-2019:1142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1142"
        },
        {
          "name": "openSUSE-SU-2019:1394",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2020:0542",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
              "refsource": "MISC",
              "url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
            },
            {
              "name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
              "refsource": "MISC",
              "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/871675/",
              "refsource": "MISC",
              "url": "https://www.kb.cert.org/vuls/id/871675/"
            },
            {
              "name": "https://freeradius.org/security/",
              "refsource": "MISC",
              "url": "https://freeradius.org/security/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
            },
            {
              "name": "USN-3954-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3954-1/"
            },
            {
              "name": "openSUSE-SU-2019:1346",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
            },
            {
              "name": "RHSA-2019:1131",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1131"
            },
            {
              "name": "RHSA-2019:1142",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1142"
            },
            {
              "name": "openSUSE-SU-2019:1394",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2020:0542",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11235",
    "datePublished": "2019-04-21T16:40:32.000Z",
    "dateReserved": "2019-04-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:48:08.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-11234 (GCVE-0-2019-11234)

Vulnerability from cvelistv5 – Published: 2019-04-21 16:36 – Updated: 2024-08-04 22:48
VLAI
Summary
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:08.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/871675/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://freeradius.org/security/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
          },
          {
            "name": "USN-3954-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3954-1/"
          },
          {
            "name": "openSUSE-SU-2019:1346",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
          },
          {
            "name": "RHSA-2019:1131",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1131"
          },
          {
            "name": "RHSA-2019:1142",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1142"
          },
          {
            "name": "openSUSE-SU-2019:1394",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
          },
          {
            "name": "openSUSE-SU-2020:0542",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-23T15:06:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.kb.cert.org/vuls/id/871675/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://freeradius.org/security/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
        },
        {
          "name": "USN-3954-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3954-1/"
        },
        {
          "name": "openSUSE-SU-2019:1346",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
        },
        {
          "name": "RHSA-2019:1131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1131"
        },
        {
          "name": "RHSA-2019:1142",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1142"
        },
        {
          "name": "openSUSE-SU-2019:1394",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
        },
        {
          "name": "openSUSE-SU-2020:0542",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11234",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19",
              "refsource": "MISC",
              "url": "https://freeradius.org/release_notes/?br=3.0.x\u0026re=3.0.19"
            },
            {
              "name": "https://papers.mathyvanhoef.com/dragonblood.pdf",
              "refsource": "MISC",
              "url": "https://papers.mathyvanhoef.com/dragonblood.pdf"
            },
            {
              "name": "https://www.kb.cert.org/vuls/id/871675/",
              "refsource": "MISC",
              "url": "https://www.kb.cert.org/vuls/id/871675/"
            },
            {
              "name": "https://freeradius.org/security/",
              "refsource": "MISC",
              "url": "https://freeradius.org/security/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
            },
            {
              "name": "USN-3954-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3954-1/"
            },
            {
              "name": "openSUSE-SU-2019:1346",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00014.html"
            },
            {
              "name": "RHSA-2019:1131",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1131"
            },
            {
              "name": "RHSA-2019:1142",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1142"
            },
            {
              "name": "openSUSE-SU-2019:1394",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00032.html"
            },
            {
              "name": "openSUSE-SU-2020:0542",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00033.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11234",
    "datePublished": "2019-04-21T16:36:48.000Z",
    "dateReserved": "2019-04-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T22:48:08.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10986 (GCVE-0-2017-10986)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/bid/99971 vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2389 vendor-advisoryx_refsource_REDHAT
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:56.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99971",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99971"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "name": "RHSA-2017:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "99971",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99971"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "name": "RHSA-2017:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99971",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99971"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "RHSA-2017:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2389"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10986",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:56.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10983 (GCVE-0-2017-10983)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securitytracker.com/id/1038914 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1759 vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/99915 vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2389 vendor-advisoryx_refsource_REDHAT
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:57.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038914",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038914"
          },
          {
            "name": "RHSA-2017:1759",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1759"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "name": "99915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99915"
          },
          {
            "name": "RHSA-2017:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038914",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038914"
        },
        {
          "name": "RHSA-2017:1759",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1759"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "name": "99915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99915"
        },
        {
          "name": "RHSA-2017:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10983",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038914",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038914"
            },
            {
              "name": "RHSA-2017:1759",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1759"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "99915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99915"
            },
            {
              "name": "RHSA-2017:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2389"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10983",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:57.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10982 (GCVE-0-2017-10982)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securitytracker.com/id/1038914 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1759 vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/99912 vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:56.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038914",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038914"
          },
          {
            "name": "RHSA-2017:1759",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1759"
          },
          {
            "name": "99912",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99912"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038914",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038914"
        },
        {
          "name": "RHSA-2017:1759",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1759"
        },
        {
          "name": "99912",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99912"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10982",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Buffer over-read in fr_dhcp_decode_options()\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038914",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038914"
            },
            {
              "name": "RHSA-2017:1759",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1759"
            },
            {
              "name": "99912",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99912"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10982",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:56.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10981 (GCVE-0-2017-10981)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securitytracker.com/id/1038914 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1759 vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/99898 vdb-entryx_refsource_BID
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:57.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038914",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038914"
          },
          {
            "name": "RHSA-2017:1759",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1759"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          },
          {
            "name": "99898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99898"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038914",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038914"
        },
        {
          "name": "RHSA-2017:1759",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1759"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        },
        {
          "name": "99898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99898"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in fr_dhcp_decode()\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038914",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038914"
            },
            {
              "name": "RHSA-2017:1759",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1759"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            },
            {
              "name": "99898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99898"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10981",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:57.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10984 (GCVE-0-2017-10984)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2389 vendor-advisoryx_refsource_REDHAT
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/99876 vdb-entryx_refsource_BID
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:57.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "name": "RHSA-2017:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          },
          {
            "name": "99876",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99876"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "name": "RHSA-2017:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        },
        {
          "name": "99876",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99876"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "RHSA-2017:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2389"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            },
            {
              "name": "99876",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99876"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10984",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:57.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10978 (GCVE-0-2017-10978)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securitytracker.com/id/1038914 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99893 vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1759 vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2389 vendor-advisoryx_refsource_REDHAT
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:56.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038914",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038914"
          },
          {
            "name": "99893",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99893"
          },
          {
            "name": "RHSA-2017:1759",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1759"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "name": "RHSA-2017:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038914",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038914"
        },
        {
          "name": "99893",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99893"
        },
        {
          "name": "RHSA-2017:1759",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1759"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "name": "RHSA-2017:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038914",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038914"
            },
            {
              "name": "99893",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99893"
            },
            {
              "name": "RHSA-2017:1759",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1759"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "RHSA-2017:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2389"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10978",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:56.657Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10987 (GCVE-0-2017-10987)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/bid/99970 vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2389 vendor-advisoryx_refsource_REDHAT
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:56.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99970",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99970"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "name": "RHSA-2017:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "99970",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99970"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "name": "RHSA-2017:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99970",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99970"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "RHSA-2017:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2389"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10987",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:56.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10985 (GCVE-0-2017-10985)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2389 vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/99968 vdb-entryx_refsource_BID
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:56.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "name": "RHSA-2017:2389",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2389"
          },
          {
            "name": "99968",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99968"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with \u0027concat\u0027 attributes\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "name": "RHSA-2017:2389",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2389"
        },
        {
          "name": "99968",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99968"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with \u0027concat\u0027 attributes\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "RHSA-2017:2389",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2389"
            },
            {
              "name": "99968",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99968"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10985",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:56.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10980 (GCVE-0-2017-10980)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securitytracker.com/id/1038914 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1759 vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/99905 vdb-entryx_refsource_BID
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:57.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038914",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038914"
          },
          {
            "name": "RHSA-2017:1759",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1759"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "name": "99905",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99905"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038914",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038914"
        },
        {
          "name": "RHSA-2017:1759",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1759"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "name": "99905",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99905"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10980",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows \"DHCP - Memory leak in decode_tlv()\" and a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038914",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038914"
            },
            {
              "name": "RHSA-2017:1759",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1759"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "99905",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99905"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10980",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:57.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-10979 (GCVE-0-2017-10979)

Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI
Summary
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securitytracker.com/id/1038914 vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:1759 vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2017/dsa-3930 vendor-advisoryx_refsource_DEBIAN
http://freeradius.org/security/fuzzer-2017.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/99901 vdb-entryx_refsource_BID
Date Public
2017-07-17 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:57:56.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038914",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038914"
          },
          {
            "name": "RHSA-2017:1759",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1759"
          },
          {
            "name": "DSA-3930",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3930"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security/fuzzer-2017.html"
          },
          {
            "name": "99901",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99901"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1038914",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038914"
        },
        {
          "name": "RHSA-2017:1759",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1759"
        },
        {
          "name": "DSA-3930",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3930"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security/fuzzer-2017.html"
        },
        {
          "name": "99901",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99901"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-10979",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038914",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038914"
            },
            {
              "name": "RHSA-2017:1759",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1759"
            },
            {
              "name": "DSA-3930",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3930"
            },
            {
              "name": "http://freeradius.org/security/fuzzer-2017.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security/fuzzer-2017.html"
            },
            {
              "name": "99901",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99901"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-10979",
    "datePublished": "2017-07-17T16:00:00.000Z",
    "dateReserved": "2017-07-06T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:57:56.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9148 (GCVE-0-2017-9148)

Vulnerability from cvelistv5 – Published: 2017-05-29 17:00 – Updated: 2024-08-05 16:55
VLAI
Summary
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://freeradius.org/security.html x_refsource_MISC
http://seclists.org/oss-sec/2017/q2/422 x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:1581 vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1038576 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/98734 vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201706-27 vendor-advisoryx_refsource_GENTOO
Date Public
2017-05-29 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:55:22.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2017/q2/422"
          },
          {
            "name": "RHSA-2017:1581",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1581"
          },
          {
            "name": "1038576",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038576"
          },
          {
            "name": "98734",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98734"
          },
          {
            "name": "GLSA-201706-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201706-27"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-05-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://freeradius.org/security.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://seclists.org/oss-sec/2017/q2/422"
        },
        {
          "name": "RHSA-2017:1581",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1581"
        },
        {
          "name": "1038576",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038576"
        },
        {
          "name": "98734",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98734"
        },
        {
          "name": "GLSA-201706-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201706-27"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9148",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://freeradius.org/security.html",
              "refsource": "MISC",
              "url": "http://freeradius.org/security.html"
            },
            {
              "name": "http://seclists.org/oss-sec/2017/q2/422",
              "refsource": "MISC",
              "url": "http://seclists.org/oss-sec/2017/q2/422"
            },
            {
              "name": "RHSA-2017:1581",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1581"
            },
            {
              "name": "1038576",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038576"
            },
            {
              "name": "98734",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98734"
            },
            {
              "name": "GLSA-201706-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201706-27"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9148",
    "datePublished": "2017-05-29T17:00:00.000Z",
    "dateReserved": "2017-05-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:55:22.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4680 (GCVE-0-2015-4680)

Vulnerability from cvelistv5 – Published: 2017-04-05 17:00 – Updated: 2024-08-06 06:18
VLAI
Summary
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2015-06-22 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html"
          },
          {
            "name": "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/535810/100/0/threaded"
          },
          {
            "name": "75327",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2015-008.html"
          },
          {
            "name": "1032690",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032690"
          },
          {
            "name": "SUSE-SU-2017:0102",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html"
        },
        {
          "name": "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/535810/100/0/threaded"
        },
        {
          "name": "75327",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2015-008.html"
        },
        {
          "name": "1032690",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032690"
        },
        {
          "name": "SUSE-SU-2017:0102",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/132415/FreeRADIUS-Insufficient-CRL-Application.html"
            },
            {
              "name": "20150622 [oCERT-2015-008] FreeRADIUS insufficent CRL application",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/535810/100/0/threaded"
            },
            {
              "name": "75327",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75327"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234975"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2015-008.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2015-008.html"
            },
            {
              "name": "1032690",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032690"
            },
            {
              "name": "SUSE-SU-2017:0102",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00010.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4680",
    "datePublished": "2017-04-05T17:00:00.000Z",
    "dateReserved": "2015-06-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:12.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8763 (GCVE-0-2015-8763)

Vulnerability from cvelistv5 – Published: 2017-03-27 17:00 – Updated: 2024-08-06 08:29
VLAI
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2015-04-04 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:21.729Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security.html#eap-pwd-2015"
          },
          {
            "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-27T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security.html#eap-pwd-2015"
        },
        {
          "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8763",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://freeradius.org/security.html#eap-pwd-2015",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security.html#eap-pwd-2015"
            },
            {
              "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8763",
    "datePublished": "2017-03-27T17:00:00.000Z",
    "dateReserved": "2016-01-08T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:29:21.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8764 (GCVE-0-2015-8764)

Vulnerability from cvelistv5 – Published: 2017-03-27 17:00 – Updated: 2024-08-06 08:29
VLAI
Summary
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2015-04-04 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:21.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security.html#eap-pwd-2015"
          },
          {
            "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-27T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security.html#eap-pwd-2015"
        },
        {
          "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8764",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://freeradius.org/security.html#eap-pwd-2015",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security.html#eap-pwd-2015"
            },
            {
              "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8764",
    "datePublished": "2017-03-27T17:00:00.000Z",
    "dateReserved": "2016-01-08T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:29:21.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8762 (GCVE-0-2015-8762)

Vulnerability from cvelistv5 – Published: 2017-03-27 17:00 – Updated: 2024-08-06 08:29
VLAI
Summary
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2015-04-04 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:21.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security.html#eap-pwd-2015"
          },
          {
            "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-27T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security.html#eap-pwd-2015"
        },
        {
          "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://freeradius.org/security.html#eap-pwd-2015",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security.html#eap-pwd-2015"
            },
            {
              "name": "[oss-security] 20160108 Re: CVE Request: freeradius: the EAP-PWD module performs insufficient validation on packets received from an EAP peer",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/08/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8762",
    "datePublished": "2017-03-27T17:00:00.000Z",
    "dateReserved": "2016-01-08T00:00:00.000Z",
    "dateUpdated": "2024-08-06T08:29:21.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2015 (GCVE-0-2014-2015)

Vulnerability from cvelistv5 – Published: 2014-11-02 00:00 – Updated: 2024-08-06 09:58
VLAI
Summary
Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2014-02-12 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:58:16.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"
          },
          {
            "name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"
          },
          {
            "name": "RHSA-2015:1287",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"
          },
          {
            "name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"
          },
          {
            "name": "USN-2122-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-2122-1"
          },
          {
            "name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"
          },
          {
            "name": "65581",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65581"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"
        },
        {
          "name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"
        },
        {
          "name": "RHSA-2015:1287",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"
        },
        {
          "name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"
        },
        {
          "name": "USN-2122-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-2122-1"
        },
        {
          "name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"
        },
        {
          "name": "65581",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65581"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the normify function in the rlm_pap module (modules/rlm_pap/rlm_pap.c) in FreeRADIUS 2.x, possibly 2.2.3 and earlier, and 3.x, possibly 3.0.1 and earlier, might allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password hash, as demonstrated by an SSHA hash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[freebsd-bugbusters] 20140214 freeradius denial of service in authentication flow",
              "refsource": "MLIST",
              "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000616.html"
            },
            {
              "name": "[oss-security] 20140216 Re: CVE request: freeradius denial of service in rlm_pap hash processing",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/02/18/3"
            },
            {
              "name": "RHSA-2015:1287",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1287.html"
            },
            {
              "name": "[freebsd-bugbusters] 20140213 freeradius denial of service in authentication flow",
              "refsource": "MLIST",
              "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000612.html"
            },
            {
              "name": "USN-2122-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-2122-1"
            },
            {
              "name": "[freebsd-bugbusters] 20140212 freeradius denial of service in authentication flow",
              "refsource": "MLIST",
              "url": "http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html"
            },
            {
              "name": "65581",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65581"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1066761"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2015",
    "datePublished": "2014-11-02T00:00:00.000Z",
    "dateReserved": "2014-02-17T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:58:16.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4966 (GCVE-0-2011-4966)

Vulnerability from cvelistv5 – Published: 2013-03-12 22:00 – Updated: 2024-08-07 00:23
VLAI
Summary
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2013:0134",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0134.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHBA-2012-0881.html"
          },
          {
            "name": "openSUSE-SU-2013:0137",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html"
          },
          {
            "name": "openSUSE-SU-2013:0191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-03-12T22:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2013:0134",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0134.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://rhn.redhat.com/errata/RHBA-2012-0881.html"
        },
        {
          "name": "openSUSE-SU-2013:0137",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00029.html"
        },
        {
          "name": "openSUSE-SU-2013:0191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00079.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4966",
    "datePublished": "2013-03-12T22:00:00.000Z",
    "dateReserved": "2011-12-23T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:23:39.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-3547 (GCVE-0-2012-3547)

Vulnerability from cvelistv5 – Published: 2012-09-18 17:00 – Updated: 2024-08-06 20:13
VLAI
Summary
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://secunia.com/advisories/50584 third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/50637 third-party-advisoryx_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1585-1 vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2012-1327.html vendor-advisoryx_refsource_REDHAT
http://secunia.com/advisories/50484 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2012/dsa-2546 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/55483 vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1027509 vdb-entryx_refsource_SECTRACK
http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt x_refsource_MISC
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
http://www.openwall.com/lists/oss-security/2012/09/10/2 mailing-listx_refsource_MLIST
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://rhn.redhat.com/errata/RHSA-2012-1326.html vendor-advisoryx_refsource_REDHAT
http://osvdb.org/85325 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/50770 third-party-advisoryx_refsource_SECUNIA
http://freeradius.org/security.html x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
Date Public
2012-09-10 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:13:49.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50584",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50584"
          },
          {
            "name": "APPLE-SA-2013-10-22-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
          },
          {
            "name": "50637",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50637"
          },
          {
            "name": "USN-1585-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1585-1"
          },
          {
            "name": "RHSA-2012:1327",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
          },
          {
            "name": "50484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50484"
          },
          {
            "name": "DSA-2546",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2546"
          },
          {
            "name": "55483",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55483"
          },
          {
            "name": "1027509",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027509"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
          },
          {
            "name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
          },
          {
            "name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/10/2"
          },
          {
            "name": "MDVSA-2012:159",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
          },
          {
            "name": "openSUSE-SU-2012:1200",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
          },
          {
            "name": "freeradius-cbtlsverify-bo(78408)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
          },
          {
            "name": "RHSA-2012:1326",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
          },
          {
            "name": "85325",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/85325"
          },
          {
            "name": "50770",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50770"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/security.html"
          },
          {
            "name": "FEDORA-2012-15743",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "50584",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50584"
        },
        {
          "name": "APPLE-SA-2013-10-22-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
        },
        {
          "name": "50637",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50637"
        },
        {
          "name": "USN-1585-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1585-1"
        },
        {
          "name": "RHSA-2012:1327",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
        },
        {
          "name": "50484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50484"
        },
        {
          "name": "DSA-2546",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2546"
        },
        {
          "name": "55483",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55483"
        },
        {
          "name": "1027509",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027509"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
        },
        {
          "name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
        },
        {
          "name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/10/2"
        },
        {
          "name": "MDVSA-2012:159",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
        },
        {
          "name": "openSUSE-SU-2012:1200",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
        },
        {
          "name": "freeradius-cbtlsverify-bo(78408)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
        },
        {
          "name": "RHSA-2012:1326",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
        },
        {
          "name": "85325",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/85325"
        },
        {
          "name": "50770",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50770"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/security.html"
        },
        {
          "name": "FEDORA-2012-15743",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50584",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50584"
            },
            {
              "name": "APPLE-SA-2013-10-22-5",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
            },
            {
              "name": "50637",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50637"
            },
            {
              "name": "USN-1585-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1585-1"
            },
            {
              "name": "RHSA-2012:1327",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
            },
            {
              "name": "50484",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50484"
            },
            {
              "name": "DSA-2546",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2546"
            },
            {
              "name": "55483",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55483"
            },
            {
              "name": "1027509",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027509"
            },
            {
              "name": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt",
              "refsource": "MISC",
              "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
            },
            {
              "name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
            },
            {
              "name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/09/10/2"
            },
            {
              "name": "MDVSA-2012:159",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
            },
            {
              "name": "openSUSE-SU-2012:1200",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
            },
            {
              "name": "freeradius-cbtlsverify-bo(78408)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
            },
            {
              "name": "RHSA-2012:1326",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
            },
            {
              "name": "85325",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/85325"
            },
            {
              "name": "50770",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50770"
            },
            {
              "name": "http://freeradius.org/security.html",
              "refsource": "CONFIRM",
              "url": "http://freeradius.org/security.html"
            },
            {
              "name": "FEDORA-2012-15743",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-3547",
    "datePublished": "2012-09-18T17:00:00.000Z",
    "dateReserved": "2012-06-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:13:49.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2701 (GCVE-0-2011-2701)

Vulnerability from cvelistv5 – Published: 2011-08-04 01:00 – Updated: 2024-08-06 23:08
VLAI
Summary
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2011-07-15 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:23.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48880",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48880"
          },
          {
            "name": "freeradius-certificate-security-bypass(68782)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782"
          },
          {
            "name": "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/15/6"
          },
          {
            "name": "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/18/2"
          },
          {
            "name": "45425",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45425"
          },
          {
            "name": "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/518974/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html"
          },
          {
            "name": "8325",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8325"
          },
          {
            "name": "1025833",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025833"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=724815"
          },
          {
            "name": "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/20/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-07-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48880",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48880"
        },
        {
          "name": "freeradius-certificate-security-bypass(68782)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782"
        },
        {
          "name": "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/15/6"
        },
        {
          "name": "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/18/2"
        },
        {
          "name": "45425",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45425"
        },
        {
          "name": "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/518974/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html"
        },
        {
          "name": "8325",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8325"
        },
        {
          "name": "1025833",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025833"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=724815"
        },
        {
          "name": "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/20/9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-2701",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48880",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48880"
            },
            {
              "name": "freeradius-certificate-security-bypass(68782)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68782"
            },
            {
              "name": "[oss-security] 20110715 CVE request: vulnerability in FreeRADIUS (OCSP)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/07/15/6"
            },
            {
              "name": "[oss-security] 20110718 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/07/18/2"
            },
            {
              "name": "45425",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/45425"
            },
            {
              "name": "20110725 [DSB-2011-01] Security Advisory FreeRADIUS 2.1.11",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/518974/100/0/threaded"
            },
            {
              "name": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html",
              "refsource": "MISC",
              "url": "https://www.dfn-cert.de/informationen/Sicherheitsbulletins/dsb-2011-01.html"
            },
            {
              "name": "8325",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8325"
            },
            {
              "name": "1025833",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025833"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=724815",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=724815"
            },
            {
              "name": "[oss-security] 20110720 Re: CVE request: vulnerability in FreeRADIUS (OCSP)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/07/20/9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2701",
    "datePublished": "2011-08-04T01:00:00.000Z",
    "dateReserved": "2011-07-11T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:08:23.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3696 (GCVE-0-2010-3696)

Vulnerability from cvelistv5 – Published: 2010-10-07 20:21 – Updated: 2024-08-07 03:18
VLAI
Summary
The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:52.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279"
          },
          {
            "name": "41621",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41621"
          },
          {
            "name": "[oss-security] 20101001 CVE request: freeradius",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/10/01/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://freeradius.org/press/index.html#2.1.10"
          },
          {
            "name": "[oss-security] 20101001 Re: CVE request: freeradius",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/10/01/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639390"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-10-07T20:21:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://github.com/alandekok/freeradius-server/commit/4dc7800b866f889a1247685bbaa6dd4238a56279"
        },
        {
          "name": "41621",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41621"
        },
        {
          "name": "[oss-security] 20101001 CVE request: freeradius",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/10/01/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://freeradius.org/press/index.html#2.1.10"
        },
        {
          "name": "[oss-security] 20101001 Re: CVE request: freeradius",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/10/01/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639390"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3696",
    "datePublished": "2010-10-07T20:21:00.000Z",
    "dateReserved": "2010-10-01T00:00:00.000Z",
    "dateUpdated": "2024-08-07T03:18:52.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}