gsd-2023-3646
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-3646",
"id": "GSD-2023-3646"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-3646"
],
"details": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n",
"id": "GSD-2023-3646",
"modified": "2023-12-13T01:20:54.814806Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2023-3646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EOS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.28.2F",
"version_value": "4.28.5.1M "
},
{
"version_affected": "\u003c=",
"version_name": "4.29.0",
"version_value": "4.29.1F"
}
]
}
}
]
},
"vendor_name": "Arista Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring to multiple destinations must be configured:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch(config)#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSession s1\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e------------------------\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eSources:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eBoth Interfaces: \u0026nbsp; \u0026nbsp; \u0026nbsp; Et1/1\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDestination Ports:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et9/1 : active\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003e\u0026nbsp; \u0026nbsp; Et10/1 : active\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example two destinations, Et9/1 and Et10/1, are configured.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMirroring config must be added with mirror destination being ethernet port, example:\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eswitch # show running-config | section monitor\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003emonitor session APCON destination Ethernet54/1\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn the above example the argument after destination is an Ethernet port.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Mirroring to multiple destinations must be configured:\n\nswitch(config)#show monitor session\n\n\nSession s1\n\n------------------------\n\n\nSources:\n\n\nBoth Interfaces: \u00a0 \u00a0 \u00a0 Et1/1\n\n\nDestination Ports:\n\n\n\u00a0 \u00a0 Et9/1 : active\n\n\u00a0 \u00a0 Et10/1 : active\n\n\n\nIn the above example two destinations, Et9/1 and Et10/1, are configured.\n\n\nMirroring config must be added with mirror destination being ethernet port, example:\n\nswitch # show running-config | section monitor\n\nmonitor session APCON destination Ethernet54/1\n\n\n\nIn the above example the argument after destination is an Ethernet port.\n\n\n\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-125",
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088",
"refsource": "MISC",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088"
}
]
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003cbr\u003eFor more information about upgrading see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cp\u003eCVE-2023-3646 has been fixed in the following releases:\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.6M and later releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.2F and later releases in the 4.29.x train\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2023-3646 has been fixed in the following releases:\n\n * 4.28.6M and later releases in the 4.28.x train\n * 4.29.2F and later releases in the 4.29.x train\n\n\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch3\u003eHotfix\u003c/h3\u003e\u003cp\u003eThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\u003c/p\u003e\u003cul\u003e\u003cli\u003e4.28.2F through 4.28.5.1M releases in the 4.28.x train\u003c/li\u003e\u003cli\u003e4.29.1F and earlier releases in the 4.29.X train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\u003c/p\u003e\u003cp\u003eTo determine which hotfix to use, run \u201c\u003cb\u003eshow version\u003c/b\u003e\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\u003c/p\u003e\u003cdiv\u003eVersion: 1.0\u003cbr\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eURL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/advisories-notices/sa-download/?sa=88-SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\"\u003eSecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix\u003c/a\u003e\u003cpre\u003eSWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\u003c/pre\u003e\u003c/div\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eFor instructions on installation and verification of the hotfix patch, refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-managing-eos-extensions?searchword=eos%20section%206%206%20managing%20eos%20extensions\"\u003e\u201cmanaging eos extensions\u201d\u003c/a\u003e\u0026nbsp;section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "HotfixThe following hotfix can be applied to remediate CVE-2023-3646. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above):\n\n * 4.28.2F through 4.28.5.1M releases in the 4.28.x train\n * 4.29.1F and earlier releases in the 4.29.X train\n\n\nNote: Installing/uninstalling the Hotfix will result in a restart of the SandFapNi agent and an associated reprogramming of the switch chip. This process could result in outages from 5-20 minutes, depending on the number of active ports in the particular system.\n\nTo determine which hotfix to use, run \u201cshow version\u201d from the CLI and refer to the \u201cArchitecture\u201d Field.\n\nVersion: 1.0\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_i686.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA-512)\n9c01d1bc1d657879e1a1b657a8c0dab090d589efc3f2c64e9cac1ae0356fce14496809893bffb0892b1505f8b4ee25cad0064bd7315ba6737dc5fdb200539f1a\n\n\n\n\n\u00a0\n\nURL: SecurityAdvisory88_CVE-2023-3646_Hotfix_x86_64.swix https://www.arista.com/support/advisories-notices/sa-download/ SWIX hash:(SHA512)\n98e98c2c34f81df4da3e4068ac9a81191f4c6ef1acab884972d092c79a7495e00d9a25c8713620d3e25b4699f777810a627634eb8078dcbbb19317ed27a9b0d5 \n\n\n\n\n\u00a0\n\nFor instructions on installation and verification of the hotfix patch, refer to the \u201cmanaging eos extensions\u201d https://www.arista.com/en/um-eos/eos-managing-eos-extensions \u00a0section in the EOS User Manual. Ensure that the patch is made persistent across reboots by running the command \u2018copy installed-extensions boot-extensions\u2019.\n\n\n"
}
],
"source": {
"advisory": "88",
"defect": [
"BUG829136",
"BUG765111"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe suggestion to prevent this issue is to remove any mirroring config\u003c/span\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#show monitor session\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eNo sessions created\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\u003c/span\u003e\u003c/p\u003e\u003c/b\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The suggestion to prevent this issue is to remove any mirroring config\n\n#show monitor session\n\nNo sessions created\n\n\n\nThis example confirms that the system does not have any mirroring config present which will prevent this issue from occurring.\n\n\n\n"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.28.5.1m",
"versionStartIncluding": "4.28.2f",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.29.2f",
"versionStartIncluding": "4.29.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arista:7280cr3-32d4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280cr3-32p4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280cr3-36s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280cr3-96:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280cr3a-24d12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280cr3a-48d6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280cr3a-72:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280dr3-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280dr3a-36:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280dr3a-54:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280dr3ak-36:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280dr3ak-54:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280dr3am-36:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280dr3am-54:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280pr3-24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280sr3-40yc6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280sr3-48yc8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7280tr3-40c6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7289r3a-sc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7289r3ak-sc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7289r3am-sc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7500r3-24d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7500r3-24p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7500r3-36cq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7500r3k-36cq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7500r3k-48y4d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7504r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7508r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7512r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3-36d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3-36p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3-48cq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3a-36d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3a-36dm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3a-36p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3a-36pm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3ak-36dm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3ak-36pm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3k-36dm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3k-48cq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3k-48cqms:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7800r3k-72y7512r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7808r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7812r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:arista:7816r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@arista.com",
"ID": "CVE-2023-3646"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088",
"refsource": "MISC",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/18042-security-advisory-0088"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-09-05T18:52Z",
"publishedDate": "2023-08-29T17:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.