CVE-2023-3942 (GCVE-0-2023-3942)

Vulnerability from cvelistv5 – Published: 2024-05-21 12:23 – Updated: 2024-08-02 07:08
VLAI?
Summary
An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
Vendor Product Version
ZkTeco ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907 Affected: ZAM170-NF-1.8.25-7354-Ver1.0.0
Affected: Standalone service v. 2.1.6-20200907
Create a notification for this product.
Credits
The vulnerability was discovered by Georgy Kiguradze from Kaspersky
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smartec_st_fr043",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "smartec_st_fr041me",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "facedepot_7b",
            "vendor": "zkteco",
            "versions": [
              {
                "lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T14:16:48.876752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:31.691Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907",
          "vendor": "ZkTeco",
          "versions": [
            {
              "status": "affected",
              "version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
            },
            {
              "status": "affected",
              "version": "Standalone service v. 2.1.6-20200907"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\u003cbr\u003e\u003cp\u003eThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.\n\n\u003c/p\u003e"
            }
          ],
          "value": "An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T12:23:49.526Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-27T21:00:00.000Z",
          "value": "Vulnerability discovered."
        },
        {
          "lang": "en",
          "time": "2023-09-19T14:00:00.000Z",
          "value": "Initial request to PSIRT@zkteco.com."
        },
        {
          "lang": "en",
          "time": "2023-10-03T13:18:00.000Z",
          "value": "Follow-up with PSIRT@zkteco.com due to no initial response."
        },
        {
          "lang": "en",
          "time": "2023-12-20T10:46:00.000Z",
          "value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
        },
        {
          "lang": "en",
          "time": "2024-05-21T12:23:00.000Z",
          "value": "No response from vendor; CVE details added to CVE.org."
        }
      ],
      "title": "Multiple SQLi in ZkTeco-based OEM devices",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2023-3942",
    "datePublished": "2024-05-21T12:23:49.526Z",
    "dateReserved": "2023-07-25T14:15:32.367Z",
    "dateUpdated": "2024-08-02T07:08:50.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de \u0027inyecci\\u00f3n SQL\u0027, debido a una neutralizaci\\u00f3n incorrecta de elementos especiales utilizados en comandos SQL, en dispositivos OEM basados ??en ZKTeco. Esta vulnerabilidad permite a un atacante, en algunos casos, hacerse pasar por otro usuario o realizar acciones no autorizadas. En otros casos, permite al atacante acceder a datos del usuario y par\\u00e1metros del sistema desde la base de datos. Este problema afecta a dispositivos OEM basados ??en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros, servicio independiente v. 2.1 .6-20200907 y posiblemente otros.\"}]",
      "id": "CVE-2023-3942",
      "lastModified": "2024-11-21T08:18:22.263",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"vulnerability@kaspersky.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-05-21T13:15:08.580",
      "references": "[{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md\", \"source\": \"vulnerability@kaspersky.com\"}, {\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vulnerability@kaspersky.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"vulnerability@kaspersky.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3942\",\"sourceIdentifier\":\"vulnerability@kaspersky.com\",\"published\":\"2024-05-21T13:15:08.580\",\"lastModified\":\"2024-11-21T08:18:22.263\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de \u0027inyecci\u00f3n SQL\u0027, debido a una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en comandos SQL, en dispositivos OEM basados ??en ZKTeco. Esta vulnerabilidad permite a un atacante, en algunos casos, hacerse pasar por otro usuario o realizar acciones no autorizadas. En otros casos, permite al atacante acceder a datos del usuario y par\u00e1metros del sistema desde la base de datos. Este problema afecta a dispositivos OEM basados ??en ZkTeco (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME y posiblemente otros) con firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 y posiblemente otros, servicio independiente v. 2.1 .6-20200907 y posiblemente otros.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"vulnerability@kaspersky.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"vulnerability@kaspersky.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md\",\"source\":\"vulnerability@kaspersky.com\"},{\"url\":\"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.624Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3942\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-21T14:16:48.876752Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr043\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"smartec_st_fr041me\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*\"], \"vendor\": \"zkteco\", \"product\": \"facedepot_7b\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-21T14:33:34.257Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Multiple SQLi in ZkTeco-based OEM devices\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"The vulnerability was discovered by Georgy Kiguradze from Kaspersky\"}], \"impacts\": [{\"capecId\": \"CAPEC-66\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-66 SQL Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ZkTeco\", \"product\": \"ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0, Standalone service v. 2.1.6-20200907\", \"versions\": [{\"status\": \"affected\", \"version\": \"ZAM170-NF-1.8.25-7354-Ver1.0.0\"}, {\"status\": \"affected\", \"version\": \"Standalone service v. 2.1.6-20200907\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-04-27T21:00:00.000Z\", \"value\": \"Vulnerability discovered.\"}, {\"lang\": \"en\", \"time\": \"2023-09-19T14:00:00.000Z\", \"value\": \"Initial request to PSIRT@zkteco.com.\"}, {\"lang\": \"en\", \"time\": \"2023-10-03T13:18:00.000Z\", \"value\": \"Follow-up with PSIRT@zkteco.com due to no initial response.\"}, {\"lang\": \"en\", \"time\": \"2023-12-20T10:46:00.000Z\", \"value\": \"Vulnerability reported to PSIRT@zkteco.com in plaintext.\"}, {\"lang\": \"en\", \"time\": \"2024-05-21T12:23:00.000Z\", \"value\": \"No response from vendor; CVE details added to CVE.org.\"}], \"references\": [{\"url\": \"https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-005.md\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\\nThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An \u0027SQL Injection\u0027 vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database.\u003cbr\u003e\u003cp\u003eThis issue affects \\nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\\n\\n with firmware \\nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others.\\n\\n\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"shortName\": \"Kaspersky\", \"dateUpdated\": \"2024-05-21T12:23:49.526Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-3942\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T07:08:50.624Z\", \"dateReserved\": \"2023-07-25T14:15:32.367Z\", \"assignerOrgId\": \"e45d732a-8f6b-4b6b-be76-7420f6a2b988\", \"datePublished\": \"2024-05-21T12:23:49.526Z\", \"assignerShortName\": \"Kaspersky\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.