WID-SEC-W-2023-2355
Vulnerability from csaf_certbund
Published
2023-09-13 22:00
Modified
2023-09-13 22:00
Summary
Cisco IOS XR: Multiple Vulnerabilities
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users, however, are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
Cisco Internetwork Operating System (IOS) is an operating system used on Cisco devices such as routers and switches.
Attack
An attacker can exploit multiple vulnerabilities in Cisco IOS XR to execute arbitrary code, bypass security measures, or cause a denial-of-service condition.
Affected operating systems
- CISCO Appliance
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Cisco Internetwork Operating System (IOS) ist ein Betriebssystem, das für Cisco Geräte wie z. B. Router und Switches eingesetzt wird.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Cisco IOS XR ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen oder einen Denial-of-Service-Zustand zu verursachen.", title: "Angriff", }, { category: "general", text: "- CISCO Appliance", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2355 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2355.json", }, { category: "self", summary: "WID-SEC-2023-2355 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2355", }, { category: "external", summary: "Cisco Security Advisories vom 2023-09-13", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5", }, { category: "external", summary: "Cisco Security Advisories vom 2023-09-13", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", }, { category: 
"external", summary: "Cisco Security Advisories vom 2023-09-13", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt", }, { category: "external", summary: "Cisco Security Advisories vom 2023-09-13", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF", }, { category: "external", summary: "Cisco Security Advisories vom 2023-09-13", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3", }, ], source_lang: "en-US", title: "Cisco IOS XR: Mehrere Schwachstellen", tracking: { current_release_date: "2023-09-13T22:00:00.000+00:00", generator: { date: "2024-08-15T17:58:27.102+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2355", initial_release_date: "2023-09-13T22:00:00.000+00:00", revision_history: [ { date: "2023-09-13T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Cisco IOS XR < 7.10.1", product: { name: "Cisco IOS XR < 7.10.1", product_id: "T029881", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.10.1", }, }, }, { category: "product_name", name: "Cisco IOS XR < 7.3.5", product: { name: "Cisco IOS XR < 7.3.5", product_id: "T029882", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.3.5", }, }, }, { category: "product_name", name: "Cisco IOS XR < 7.5.4", product: { name: "Cisco IOS XR < 7.5.4", product_id: "T029883", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.5.4", }, }, }, { category: "product_name", name: "Cisco IOS XR < 7.6.3", product: { name: "Cisco IOS XR < 7.6.3", product_id: "T029884", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.6.3", }, }, }, { category: "product_name", name: "Cisco IOS XR < 7.7.21", product: { name: "Cisco IOS XR < 7.7.21", 
product_id: "T029885", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.7.21", }, }, }, { category: "product_name", name: "Cisco IOS XR < 7.8.2", product: { name: "Cisco IOS XR < 7.8.2", product_id: "T029886", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.8.2", }, }, }, { category: "product_name", name: "Cisco IOS XR < 7.9.1", product: { name: "Cisco IOS XR < 7.9.1", product_id: "T029887", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.9.1", }, }, }, { category: "product_name", name: "Cisco IOS XR < 7.9.2", product: { name: "Cisco IOS XR < 7.9.2", product_id: "T029888", product_identification_helper: { cpe: "cpe:/o:cisco:ios_xr:7.9.2", }, }, }, ], category: "product_name", name: "IOS XR", }, ], category: "vendor", name: "Cisco", }, ], }, vulnerabilities: [ { cve: "CVE-2023-20236", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Cisco IOS XR. Dieser Fehler besteht in der iPXE-Boot-Funktion der XR-Software aufgrund einer unzureichenden Image-Verifizierung, die das Booten eines nicht verifizierten Software-Images ermöglicht. Durch Manipulation der Boot-Parameter für die Image-Verifizierung während des iPXE-Boot-Prozesses kann ein lokaler Angreifer diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.", }, ], release_date: "2023-09-13T22:00:00.000+00:00", title: "CVE-2023-20236", }, { cve: "CVE-2023-20233", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Cisco IOS XR. Dieser Fehler besteht in der Funktion \"Connectivity Fault Management\" (CFM) der XR-Software aufgrund einer fehlerhaften Verarbeitung von ungültigen Continuity-Check-Meldungen. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen. 
Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], release_date: "2023-09-13T22:00:00.000+00:00", title: "CVE-2023-20233", }, { cve: "CVE-2023-20191", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Cisco IOS XR. Dieser Fehler besteht in der Zugriffskontrolllisten (ACL)-Verarbeitung auf MPLS-Schnittstellen in der Ingress-Richtung der XR-Software aufgrund einer unvollständigen Unterstützung für diese Funktion. Ein entfernter Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen.", }, ], release_date: "2023-09-13T22:00:00.000+00:00", title: "CVE-2023-20191", }, { cve: "CVE-2023-20190", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Cisco IOS XR. Dieser Fehler besteht in der klassischen ACL-Komprimierungsfunktion (Access Control List) der XR-Software aufgrund eines falschen Zieladressbereichs. Ein Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsmaßnahmen zu umgehen, indem er Datenverkehr durch das betroffene Gerät sendet, der durch die konfigurierte ACL verweigert werden sollte.", }, ], release_date: "2023-09-13T22:00:00.000+00:00", title: "CVE-2023-20190", }, { cve: "CVE-2023-20135", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Cisco IOS XR. Dieser Fehler besteht in der XR Software Image Verification aufgrund einer Time-of-Check, Time-of-Use (TOCTOU) Race Condition. Ein lokaler Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen.", }, ], release_date: "2023-09-13T22:00:00.000+00:00", title: "CVE-2023-20135", }, ], }
cve-2023-20191
Vulnerability from cvelistv5
Published
2023-09-13 16:41
Modified
2024-08-02 09:05
Summary
A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
There are workarounds that address this vulnerability.
This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco IOS XR Software | 6.4.1, 6.5.1, 6.5.2, 6.5.3, 6.6.2, 6.6.3, 6.6.25, 6.6.4, 7.0.1, 7.0.2, 7.1.1, 7.1.2, 7.2.1, 7.2.2, 7.3.1, 7.3.2, 7.3.3, 7.3.5, 7.4.1, 7.4.2, 7.5.1, 7.5.3, 7.5.2, 7.5.4, 7.6.1, 7.6.2, 7.7.1, 7.7.2, 7.8.1, 7.8.2, 7.9.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:35.459Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-dnx-acl-PyzDkeYF", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco IOS XR Software", vendor: "Cisco", versions: [ { status: "affected", version: "6.4.1", }, { status: "affected", version: "6.5.1", }, { status: "affected", version: "6.5.2", }, { status: "affected", version: "6.5.3", }, { status: "affected", version: "6.6.2", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.25", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.1.1", }, { status: "affected", version: "7.1.2", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.2", }, { status: "affected", version: "7.3.3", }, { status: "affected", version: "7.3.5", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.2", }, { status: "affected", version: "7.5.1", }, { status: "affected", version: "7.5.3", }, { status: "affected", version: "7.5.2", }, { status: "affected", version: "7.5.4", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.6.2", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.7.2", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "7.8.2", }, { status: "affected", version: "7.9.1", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an 
unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "Improper Access Control", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:57:53.685Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-dnx-acl-PyzDkeYF", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnx-acl-PyzDkeYF", }, ], source: { advisory: "cisco-sa-dnx-acl-PyzDkeYF", defects: [ "CSCwe63504", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20191", datePublished: "2023-09-13T16:41:32.625Z", dateReserved: "2022-10-27T18:47:50.364Z", 
dateUpdated: "2024-08-02T09:05:35.459Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20233
Vulnerability from cvelistv5
Published
2023-09-13 16:40
Modified
2024-08-02 09:05
Summary
A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco IOS XR Software | 5.2.0, 5.2.1, 5.2.2, 5.2.4, 5.2.3, 5.2.5, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.2.1, 6.2.2, 6.2.3, 6.2.25, 6.3.2, 6.3.3, 6.3.15, 6.4.1, 6.4.2, 6.4.3, 6.5.1, 6.5.2, 6.6.2, 6.6.3, 6.6.25, 6.6.4, 7.0.1, 7.0.2, 7.1.1, 7.1.15, 7.1.2, 7.1.3, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 7.2.1, 7.2.2, 7.3.1, 7.3.2, 7.3.3, 7.4.1, 7.4.2, 6.8.1, 6.8.2, 7.5.1, 7.5.3, 7.5.2, 7.6.1, 7.6.2, 7.7.1, 7.7.2, 6.9.1, 6.9.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:36.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-ios-xr-cfm-3pWN8MKt", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco IOS XR Software", vendor: "Cisco", versions: [ { status: "affected", version: "5.2.0", }, { status: "affected", version: "5.2.1", }, { status: "affected", version: "5.2.2", }, { status: "affected", version: "5.2.4", }, { status: "affected", version: "5.2.3", }, { status: "affected", version: "5.2.5", }, { status: "affected", version: "5.3.0", }, { status: "affected", version: "5.3.1", }, { status: "affected", version: "5.3.2", }, { status: "affected", version: "5.3.3", }, { status: "affected", version: "5.3.4", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.2", }, { status: "affected", version: "6.1.3", }, { status: "affected", version: "6.1.4", }, { status: "affected", version: "6.2.1", }, { status: "affected", version: "6.2.2", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.25", }, { status: "affected", version: "6.3.2", }, { status: "affected", version: "6.3.3", }, { status: "affected", version: "6.3.15", }, { status: "affected", version: "6.4.1", }, { status: "affected", version: "6.4.2", }, { status: "affected", version: "6.4.3", }, { status: "affected", version: "6.5.1", }, { status: "affected", version: "6.5.2", }, { status: "affected", version: "6.6.2", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.25", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.1.1", }, { status: "affected", version: "7.1.15", }, { status: 
"affected", version: "7.1.2", }, { status: "affected", version: "7.1.3", }, { status: "affected", version: "6.7.1", }, { status: "affected", version: "6.7.2", }, { status: "affected", version: "6.7.3", }, { status: "affected", version: "6.7.4", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.2", }, { status: "affected", version: "7.3.3", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.2", }, { status: "affected", version: "6.8.1", }, { status: "affected", version: "6.8.2", }, { status: "affected", version: "7.5.1", }, { status: "affected", version: "7.5.3", }, { status: "affected", version: "7.5.2", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.6.2", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.7.2", }, { status: "affected", version: "6.9.1", }, { status: "affected", version: "6.9.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. 
A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "NULL Pointer Dereference", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:58:27.181Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-ios-xr-cfm-3pWN8MKt", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-cfm-3pWN8MKt", }, ], source: { advisory: "cisco-sa-ios-xr-cfm-3pWN8MKt", defects: [ "CSCwd75868", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20233", datePublished: "2023-09-13T16:40:15.314Z", dateReserved: "2022-10-27T18:47:50.369Z", dateUpdated: "2024-08-02T09:05:36.620Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20135
Vulnerability from cvelistv5
Published
2023-09-13 16:38
Modified
2024-10-23 19:41
Summary
A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.
This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco IOS XR Software | 7.5.3, 7.5.2, 7.5.4, 7.7.1, 7.7.2, 7.7.21, 7.8.1, 7.8.2, 7.9.1, 7.9.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:57:36.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-lnt-L9zOkBz5", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20135", options: [ { Exploitation: "None", }, { Automatable: "No", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2023-11-15T16:36:16.730906Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T19:41:34.741Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco IOS XR Software", vendor: "Cisco", versions: [ { status: "affected", version: "7.5.3", }, { status: "affected", version: "7.5.2", }, { status: "affected", version: "7.5.4", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.7.2", }, { status: "affected", version: "7.7.21", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "7.8.2", }, { status: "affected", version: "7.9.1", }, { status: "affected", version: "7.9.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\r\n\r This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. 
A successful exploit could allow the attacker to execute arbitrary code on an affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "Improper Verification of Cryptographic Signature", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:57:47.716Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-lnt-L9zOkBz5", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lnt-L9zOkBz5", }, ], source: { advisory: "cisco-sa-lnt-L9zOkBz5", defects: [ "CSCwd87928", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20135", datePublished: "2023-09-13T16:38:36.593Z", dateReserved: "2022-10-27T18:47:50.351Z", dateUpdated: "2024-10-23T19:41:34.741Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20236
Vulnerability from cvelistv5
Published
2023-09-13 16:39
Modified
2024-10-23 19:10
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.
This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
References
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco IOS XR Software | 5.2.0, 5.2.1, 5.2.2, 5.2.4, 5.2.3, 5.2.5, 5.2.47, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 6.0.0, 6.0.1, 6.0.2, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.12, 6.1.22, 6.1.32, 6.1.36, 6.1.42, 6.2.1, 6.2.2, 6.2.3, 6.2.25, 6.2.11, 6.3.2, 6.3.3, 6.3.15, 6.4.1, 6.4.2, 6.4.3, 6.5.1, 6.5.2, 6.5.3, 6.5.25, 6.5.26, 6.5.28, 6.5.29, 6.5.32, 6.5.33, 6.6.2, 6.6.3, 6.6.25, 6.6.4, 7.0.1, 7.0.2, 7.0.12, 7.0.14, 7.1.1, 7.1.15, 7.1.2, 7.1.3, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 7.2.0, 7.2.1, 7.2.2, 7.3.1, 7.3.15, 7.3.2, 7.3.3, 7.3.5, 7.4.1, 7.4.2, 6.8.1, 6.8.2, 7.5.1, 7.5.3, 7.5.2, 7.5.4, 7.6.1, 7.6.2, 7.7.1, 7.7.2, 7.7.21, 6.9.1, 6.9.2, 7.8.1, 7.8.2, 7.9.1, 7.9.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:35.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios_xr_software", vendor: "cisco", versions: [ { lessThanOrEqual: "7.9.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-20236", options: [ { Exploitation: "None", }, { Automatable: "No", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2023-11-15T16:36:16.200980Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-23T19:10:48.388Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco IOS XR Software", vendor: "Cisco", versions: [ { status: "affected", version: "5.2.0", }, { status: "affected", version: "5.2.1", }, { status: "affected", version: "5.2.2", }, { status: "affected", version: "5.2.4", }, { status: "affected", version: "5.2.3", }, { status: "affected", version: "5.2.5", }, { status: "affected", version: "5.2.47", }, { status: "affected", version: "5.3.0", }, { status: "affected", version: "5.3.1", }, { status: "affected", version: "5.3.2", }, { status: "affected", version: "5.3.3", }, { status: "affected", version: "5.3.4", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.2", }, { status: "affected", version: "6.1.3", }, { status: "affected", version: 
"6.1.4", }, { status: "affected", version: "6.1.12", }, { status: "affected", version: "6.1.22", }, { status: "affected", version: "6.1.32", }, { status: "affected", version: "6.1.36", }, { status: "affected", version: "6.1.42", }, { status: "affected", version: "6.2.1", }, { status: "affected", version: "6.2.2", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.25", }, { status: "affected", version: "6.2.11", }, { status: "affected", version: "6.3.2", }, { status: "affected", version: "6.3.3", }, { status: "affected", version: "6.3.15", }, { status: "affected", version: "6.4.1", }, { status: "affected", version: "6.4.2", }, { status: "affected", version: "6.4.3", }, { status: "affected", version: "6.5.1", }, { status: "affected", version: "6.5.2", }, { status: "affected", version: "6.5.3", }, { status: "affected", version: "6.5.25", }, { status: "affected", version: "6.5.26", }, { status: "affected", version: "6.5.28", }, { status: "affected", version: "6.5.29", }, { status: "affected", version: "6.5.32", }, { status: "affected", version: "6.5.33", }, { status: "affected", version: "6.6.2", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.25", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.12", }, { status: "affected", version: "7.0.14", }, { status: "affected", version: "7.1.1", }, { status: "affected", version: "7.1.15", }, { status: "affected", version: "7.1.2", }, { status: "affected", version: "7.1.3", }, { status: "affected", version: "6.7.1", }, { status: "affected", version: "6.7.2", }, { status: "affected", version: "6.7.3", }, { status: "affected", version: "6.7.4", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: 
"7.3.15", }, { status: "affected", version: "7.3.2", }, { status: "affected", version: "7.3.3", }, { status: "affected", version: "7.3.5", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.2", }, { status: "affected", version: "6.8.1", }, { status: "affected", version: "6.8.2", }, { status: "affected", version: "7.5.1", }, { status: "affected", version: "7.5.3", }, { status: "affected", version: "7.5.2", }, { status: "affected", version: "7.5.4", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.6.2", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.7.2", }, { status: "affected", version: "7.7.21", }, { status: "affected", version: "6.9.1", }, { status: "affected", version: "6.9.2", }, { status: "affected", version: "7.8.1", }, { status: "affected", version: "7.8.2", }, { status: "affected", version: "7.9.1", }, { status: "affected", version: "7.9.2", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. 
A successful exploit could allow the attacker to boot an unverified software image on the affected device.", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "Improper Verification of Cryptographic Signature", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-07T19:50:10.951Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", }, ], source: { advisory: "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB", defects: [ "CSCvz63925", "CSCvz63918", "CSCwe12502", "CSCvz63929", "CSCwi31568", "CSCwh78724", "CSCwi26526", "CSCwh70601", "CSCwh78727", "CSCwj83430", "CSCwj88475", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20236", datePublished: "2023-09-13T16:39:19.418Z", dateReserved: "2022-10-27T18:47:50.370Z", dateUpdated: "2024-10-23T19:10:48.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20190
Vulnerability from cvelistv5
Published
2023-09-13 16:43
Modified
2024-08-02 09:05
Summary
A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.
This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.
There are workarounds that address this vulnerability.
This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.
Impacted products
Vendor | Product | Version
---|---|---
Cisco | Cisco IOS XR Software | 5.2.0, 5.2.1, 5.2.2, 5.2.4, 5.2.3, 5.2.5, 5.2.47, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 6.0.0, 6.0.1, 6.0.2, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.12, 6.1.22, 6.1.32, 6.1.36, 6.1.42, 6.2.1, 6.2.2, 6.2.3, 6.2.25, 6.2.11, 6.3.2, 6.3.3, 6.3.15, 6.4.1, 6.4.2, 6.4.3, 6.5.1, 6.5.2, 6.5.3, 6.5.25, 6.5.26, 6.5.28, 6.5.29, 6.5.32, 6.5.33, 6.6.2, 6.6.3, 6.6.25, 6.6.4, 7.0.1, 7.0.2, 7.0.12, 7.0.14, 7.1.1, 7.1.15, 7.1.2, 7.1.3, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 7.2.0, 7.2.1, 7.2.2, 7.3.1, 7.3.15, 7.3.2, 7.3.3, 7.4.1, 7.4.2, 6.8.1, 6.8.2, 7.5.1, 7.5.3, 7.5.2, 7.6.1, 7.6.2, 7.7.1, 7.7.2, 6.9.1, 6.9.2, 7.8.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:05:35.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "cisco-sa-comp3acl-vGmp6BQ3", tags: [ "x_transferred", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Cisco IOS XR Software", vendor: "Cisco", versions: [ { status: "affected", version: "5.2.0", }, { status: "affected", version: "5.2.1", }, { status: "affected", version: "5.2.2", }, { status: "affected", version: "5.2.4", }, { status: "affected", version: "5.2.3", }, { status: "affected", version: "5.2.5", }, { status: "affected", version: "5.2.47", }, { status: "affected", version: "5.3.0", }, { status: "affected", version: "5.3.1", }, { status: "affected", version: "5.3.2", }, { status: "affected", version: "5.3.3", }, { status: "affected", version: "5.3.4", }, { status: "affected", version: "6.0.0", }, { status: "affected", version: "6.0.1", }, { status: "affected", version: "6.0.2", }, { status: "affected", version: "6.1.1", }, { status: "affected", version: "6.1.2", }, { status: "affected", version: "6.1.3", }, { status: "affected", version: "6.1.4", }, { status: "affected", version: "6.1.12", }, { status: "affected", version: "6.1.22", }, { status: "affected", version: "6.1.32", }, { status: "affected", version: "6.1.36", }, { status: "affected", version: "6.1.42", }, { status: "affected", version: "6.2.1", }, { status: "affected", version: "6.2.2", }, { status: "affected", version: "6.2.3", }, { status: "affected", version: "6.2.25", }, { status: "affected", version: "6.2.11", }, { status: "affected", version: "6.3.2", }, { status: "affected", version: "6.3.3", }, { status: "affected", version: "6.3.15", }, { status: "affected", version: "6.4.1", }, { status: "affected", version: "6.4.2", }, { status: "affected", version: "6.4.3", }, { status: 
"affected", version: "6.5.1", }, { status: "affected", version: "6.5.2", }, { status: "affected", version: "6.5.3", }, { status: "affected", version: "6.5.25", }, { status: "affected", version: "6.5.26", }, { status: "affected", version: "6.5.28", }, { status: "affected", version: "6.5.29", }, { status: "affected", version: "6.5.32", }, { status: "affected", version: "6.5.33", }, { status: "affected", version: "6.6.2", }, { status: "affected", version: "6.6.3", }, { status: "affected", version: "6.6.25", }, { status: "affected", version: "6.6.4", }, { status: "affected", version: "7.0.1", }, { status: "affected", version: "7.0.2", }, { status: "affected", version: "7.0.12", }, { status: "affected", version: "7.0.14", }, { status: "affected", version: "7.1.1", }, { status: "affected", version: "7.1.15", }, { status: "affected", version: "7.1.2", }, { status: "affected", version: "7.1.3", }, { status: "affected", version: "6.7.1", }, { status: "affected", version: "6.7.2", }, { status: "affected", version: "6.7.3", }, { status: "affected", version: "6.7.4", }, { status: "affected", version: "7.2.0", }, { status: "affected", version: "7.2.1", }, { status: "affected", version: "7.2.2", }, { status: "affected", version: "7.3.1", }, { status: "affected", version: "7.3.15", }, { status: "affected", version: "7.3.2", }, { status: "affected", version: "7.3.3", }, { status: "affected", version: "7.4.1", }, { status: "affected", version: "7.4.2", }, { status: "affected", version: "6.8.1", }, { status: "affected", version: "6.8.2", }, { status: "affected", version: "7.5.1", }, { status: "affected", version: "7.5.3", }, { status: "affected", version: "7.5.2", }, { status: "affected", version: "7.6.1", }, { status: "affected", version: "7.6.2", }, { status: "affected", version: "7.7.1", }, { status: "affected", version: "7.7.2", }, { status: "affected", version: "6.9.1", }, { status: "affected", version: "6.9.2", }, { status: "affected", version: "7.8.1", }, ], }, ], 
descriptions: [ { lang: "en", value: "A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.\r\n\r This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .", }, ], exploits: [ { lang: "en", value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.8, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, format: "cvssV3_1", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-264", description: "Permissions, Privileges, and Access Control", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-25T16:57:53.381Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { 
name: "cisco-sa-comp3acl-vGmp6BQ3", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-comp3acl-vGmp6BQ3", }, ], source: { advisory: "cisco-sa-comp3acl-vGmp6BQ3", defects: [ "CSCwe08950", ], discovery: "INTERNAL", }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2023-20190", datePublished: "2023-09-13T16:43:32.847Z", dateReserved: "2022-10-27T18:47:50.364Z", dateUpdated: "2024-08-02T09:05:35.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }