csaf_siemens - ssa-406691

SSA-406691

Vulnerability from csaf_siemens - Published: 2022-03-08 00:00 - Updated: 2022-03-08 00:00

Summary

SSA-406691: Buffer Vulnerabilities in DHCP function of RUGGEDCOM ROX products

Notes

Summary

A vulnerability in the RUGGEDCOM ROX devices' third party component, ISC DHCP, could allow an attacker to cause a buffer overrun due to a bug when reading a stored DHCP lease containing certain option information, eventually leading to a denial-of-service condition, or cause a remote-code execution. Siemens has released updates for the affected products and recommends to update to the latest versions.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "category": "Siemens Security Advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the RUGGEDCOM ROX devices\u0027 third party component, ISC DHCP, could allow an attacker to cause a buffer overrun due to a bug when reading a stored DHCP lease containing certain option information, eventually leading to a denial-of-service condition, or cause a remote-code execution.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-406691: Buffer Vulnerabilities in DHCP function of RUGGEDCOM ROX products - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-406691: Buffer Vulnerabilities in DHCP function of RUGGEDCOM ROX products - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-406691.txt"
      },
      {
        "category": "self",
        "summary": "SSA-406691: Buffer Vulnerabilities in DHCP function of RUGGEDCOM ROX products - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-406691.json"
      }
    ],
    "title": "SSA-406691: Buffer Vulnerabilities in DHCP function of RUGGEDCOM ROX products",
    "tracking": {
      "current_release_date": "2022-03-08T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-406691",
      "initial_release_date": "2022-03-08T00:00:00Z",
      "revision_history": [
        {
          "date": "2022-03-08T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= V2.3.0 and \u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX MX5000",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX MX5000"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1400",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1400"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= V2.3.0 and \u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1500",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1500"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= V2.3.0 and \u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1501",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1501"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= V2.3.0 and \u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1510",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1510"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= V2.3.0 and \u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1511",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1511"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= V2.3.0 and \u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1512",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1512"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1524",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1524"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX1536",
                  "product_id": "9"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX1536"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= V2.3.0 and \u003c V2.15.0",
                "product": {
                  "name": "RUGGEDCOM ROX RX5000",
                  "product_id": "10"
                }
              }
            ],
            "category": "product_name",
            "name": "RUGGEDCOM ROX RX5000"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-25217",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products contain the third party component, ISC DHCP, that possesses a vulnerability if used as a DHCP client or server. The vulnerability affects the DHCP package when storing and reading DHCP lease information containing particular option information.\n\nAn attacker could exploit this vulnerability to affect the availability of the DHCP client or server, or in the worst case affect the confidentiality or integrity of device through a buffer overflow or cause a remote-code execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10"
        ]
      },
      "references": [
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX MX5000",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1400",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1500",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1501",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1510",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1511",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1512",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1524",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX1536",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 - RUGGEDCOM ROX RX5000",
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "summary": "CVE-2021-25217 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-25217.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.15.0 or later version",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10"
          ],
          "url": "https://support.industry.siemens.com/cs/document/109805782/"
        },
        {
          "category": "workaround",
          "details": "Disable the DHCP server if not needed for operations",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10"
          ]
        },
        {
          "category": "workaround",
          "details": "Disable the DHCP client if not needed for operations",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10"
          ]
        }
      ],
      "title": "CVE-2021-25217"
    }
  ]
}

CVE-2021-25217 (GCVE-0-2021-25217)

Vulnerability from cvelistv5 – Published: 2021-05-26 22:10 – Updated: 2024-09-16 22:08

Summary

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled. Because of a discrepancy between the code which handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where: dhcpd, while running in DHCPv4 or DHCPv6 mode, or dhclient, the ISC DHCP client implementation will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code. Affects ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability. Affects both dhcpd (server) and dhcpcd (client).

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2021-25217
	http://www.openwall.com/lists/oss-security/2021/05/26/6	mailing-list
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021…	mailing-list
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://security.netapp.com/advisory/ntap-2022032…
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://security.gentoo.org/glsa/202305-22	vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	ISC DHCP	Affected: 4.1 ESV , < 4.1-ESV-R16-P1 (custom) Affected: 4.4 , < 4.4.2-P1 (custom)

Credits

ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2021-25217"
          },
          {
            "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
          },
          {
            "name": "FEDORA-2021-08cdb4dc34",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
          },
          {
            "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
          },
          {
            "name": "FEDORA-2021-8ca8263bde",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202305-22",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ISC DHCP",
          "vendor": "ISC",
          "versions": [
            {
              "lessThan": "4.1-ESV-R16-P1",
              "status": "affected",
              "version": "4.1 ESV",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2-P1",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Jon Franklin from Dell and Pawel Wieczorkiewicz from Amazon Web Services for (independently) reporting this vulnerability."
        }
      ],
      "datePublic": "2021-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Program code used by the ISC DHCP package to read and parse stored leases has a defect that can be exploited by an attacker to cause one of several undesirable outcomes, depending on the component attacked and the way in which it was compiled.  Because of a discrepancy between the code which handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage, it is potentially possible for an attacker to deliberately cause a situation where:      dhcpd, while running in DHCPv4 or DHCPv6 mode, or     dhclient, the ISC DHCP client implementation  will attempt to read a stored lease that contains option information which will trigger a bug in the option parsing code.  Affects ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability.  Affects both dhcpd (server) and dhcpcd (client).",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/docs/cve-2021-25217"
        },
        {
          "name": "[oss-security] 20210526 ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
        },
        {
          "name": "FEDORA-2021-08cdb4dc34",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LB42JWIV4M4WDNXX5VGIP26FEYWKIF/"
        },
        {
          "name": "[debian-lts-announce] 20210603 [SECURITY] [DLA 2674-1] isc-dhcp security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
        },
        {
          "name": "FEDORA-2021-8ca8263bde",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5QI4DYC7J4BGHEW3NH4XHMWTHYC36UK4/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202305-22",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-22"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP:\n\n    ISC DHCP 4.1-ESV-R16-P1\n    ISC DHCP 4.4.2-P1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
      "workarounds": [
        {
          "lang": "en",
          "value": "None known."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2021-25217",
    "datePublished": "2021-05-26T22:10:11.312869Z",
    "dateReserved": "2021-01-15T00:00:00",
    "dateUpdated": "2024-09-16T22:08:32.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SSA-406691

CVE-2021-25217 (GCVE-0-2021-25217)

Tags

Sightings

Nomenclature