Action not permitted
Modal body text goes here.
ssa-455250
Vulnerability from csaf_siemens
Published
2024-04-09 00:00
Modified
2024-05-14 00:00
Summary
SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices
Notes
Summary
Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.
Siemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications.
[1] https://security.paloaltonetworks.com/?version=11.0.1&product=PAN-OS
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)", "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Palo Alto Networks has published [1] information on vulnerabilities in PAN-OS. This advisory lists the related Siemens Industrial products affected by these vulnerabilities.\n\nSiemens is preparing updates and recommends specific countermeasures for products where updates are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks\u0027 upstream security notifications.\n\n[1] https://security.paloaltonetworks.com/?version=11.0.1\u0026product=PAN-OS", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "productcert@siemens.com", "name": "Siemens ProductCERT", "namespace": "https://www.siemens.com" }, "references": [ { "category": "self", "summary": "SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-455250.html" }, { "category": "self", "summary": "SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-455250.json" }, { "category": "self", "summary": "SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices - PDF Version", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-455250.pdf" }, { "category": "self", "summary": "SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/ssa-455250.txt" } ], "title": "SSA-455250: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices", "tracking": { "current_release_date": "2024-05-14T00:00:00Z", "generator": { "engine": { "name": "Siemens ProductCERT CSAF Generator", "version": "1" } }, "id": "SSA-455250", "initial_release_date": "2024-04-09T00:00:00Z", "revision_history": [ { "date": "2024-04-09T00:00:00Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2024-05-14T00:00:00Z", "legacy_version": "1.1", "number": "2", "summary": "Added newly published upstream vulnerabilities: CVE-2017-8923, CVE-2017-9120, CVE-2020-25658, CVE-2021-21708, CVE-2021-43527, CVE-2022-1271, CVE-2022-31676, CVE-2022-3515, CVE-2022-37454, CVE-2022-47629, CVE-2023-0286, CVE-2024-3383, CVE-2024-3386, CVE-2024-3387, CVE-2024-3388, CVE-2024-3400" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "1" } }, { "category": "product_version_range", "name": "All versions with Palo Alto Networks Virtual NGFW configured with support for the CHACHA20-POLY1305 algorithm or any Encrypt-then-MAC algorithms", "product": { "name": "RUGGEDCOM APE1808", "product_id": "2" } }, { "category": "product_version_range", "name": "All versions with Palo Alto Networks Virtual NGFW", "product": { "name": "RUGGEDCOM APE1808", "product_id": "3" } }, { "category": "product_version_range", "name": "All versions with Palo Alto Networks Virtual NGFW that are configured with BGP routing features enabled", "product": { "name": "RUGGEDCOM APE1808", "product_id": "4" } } ], "category": "product_name", "name": "RUGGEDCOM APE1808" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-8923", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script\u0027s use of .= with a long string.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2017-8923" }, { "cve": "CVE-2017-9120", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2017-9120" }, { "cve": "CVE-2020-25658", "cwe": { "id": "CWE-385", "name": "Covert Timing Channel" }, "notes": [ { "category": "summary", "text": "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2020-25658" }, { "cve": "CVE-2021-21708", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "summary", "text": "In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2021-21708" }, { "cve": "CVE-2021-43527", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS \u003c 3.73 and NSS \u003c 3.68.1.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2021-43527" }, { "cve": "CVE-2022-1271", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2022-1271" }, { "cve": "CVE-2022-3515", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2022-3515" }, { "cve": "CVE-2022-31676", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "notes": [ { "category": "summary", "text": "VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2022-31676" }, { "cve": "CVE-2022-37454", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2022-37454" }, { "cve": "CVE-2022-47629", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2022-47629" }, { "cve": "CVE-2023-0286", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "summary", "text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2023-0286" }, { "cve": "CVE-2023-6789", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "summary", "text": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator.", "title": "Summary" } ], "product_status": { "known_affected": [ "3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information.", "product_ids": [ "3" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "3" ] } ], "title": "CVE-2023-6789" }, { "cve": "CVE-2023-6793", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "notes": [ { "category": "summary", "text": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.", "title": "Summary" } ], "product_status": { "known_affected": [ "3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information.", "product_ids": [ "3" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "3" ] } ], "title": "CVE-2023-6793" }, { "cve": "CVE-2023-38802", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "summary", "text": "FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation)", "title": "Summary" } ], "product_status": { "known_affected": [ "4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information.", "product_ids": [ "4" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "4" ] } ], "title": "CVE-2023-38802" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "notes": [ { "category": "summary", "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.", "title": "Summary" } ], "product_status": { "known_affected": [ "2" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "2" ] }, { "category": "workaround", "details": "CVE-2023-48795: Customers can resolve this issue by configuring the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available (ciphers with -etm in the name) in PAN-OS software. See Palo Alto Networks\u0027 upstream documentation \nhttps://security.paloaltonetworks.com/CVE-2023-48795 for additional guidance", "product_ids": [ "2" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "2" ] } ], "title": "CVE-2023-48795" }, { "cve": "CVE-2024-0008", "cwe": { "id": "CWE-613", "name": "Insufficient Session Expiration" }, "notes": [ { "category": "summary", "text": "Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.", "title": "Summary" } ], "product_status": { "known_affected": [ "3" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information.", "product_ids": [ "3" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "3" ] } ], "title": "CVE-2024-0008" }, { "cve": "CVE-2024-3383", "cwe": { "id": "CWE-282", "name": "Improper Ownership Management" }, "notes": [ { "category": "summary", "text": "A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-3383" }, { "cve": "CVE-2024-3386", "cwe": { "id": "CWE-436", "name": "Interpretation Conflict" }, "notes": [ { "category": "summary", "text": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-3386" }, { "cve": "CVE-2024-3387", "cwe": { "id": "CWE-326", "name": "Inadequate Encryption Strength" }, "notes": [ { "category": "summary", "text": "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-3387" }, { "cve": "CVE-2024-3388", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "notes": [ { "category": "summary", "text": "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-3388" } ] }
cve-2024-3387
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-01 20:12
Severity ?
EPSS score ?
Summary
PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pan-os", "vendor": "paloaltonetworks", "versions": [ { "status": "affected", "version": "10.2.2" } ] }, { "cpes": [ "cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pan-os", "vendor": "paloaltonetworks", "versions": [ { "status": "affected", "version": "10.1.0" } ] }, { "cpes": [ "cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pan-os", "vendor": "paloaltonetworks", "versions": [ { "status": "affected", "version": "11.0.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3387", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-19T19:33:54.917377Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:31:52.758Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:06.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2024-3387" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "9.0.0" }, { "status": "unaffected", "version": "9.1.0" }, { "changes": [ { "at": "10.1.12", "status": "unaffected" } ], "lessThan": "10.1.12", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.7-h3", "status": "unaffected" } ], "lessThan": "10.2.7-h3", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.8", "status": "unaffected" } ], "lessThan": "10.2.8", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "11.0.4", "status": "unaffected" } ], "lessThan": "11.0.4", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "unaffected", "version": "11.1.0" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks one of our customers for discovering and reporting this issue." } ], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls." } ], "value": "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" } ], "impacts": [ { "capecId": "CAPEC-20", "descriptions": [ { "lang": "en", "value": "CAPEC-20 Encryption Brute Forcing" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T17:06:36.676Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-3387" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 10.1.12, PAN-OS 10.2.7-h3, PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions.\u003cbr\u003e" } ], "value": "This issue is fixed in PAN-OS 10.1.12, PAN-OS 10.2.7-h3, PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions.\n" } ], "source": { "defect": [ "PAN-200047" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-3387", "datePublished": "2024-04-10T17:06:36.676Z", "dateReserved": "2024-04-05T17:40:19.884Z", "dateUpdated": "2024-08-01T20:12:06.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6789
Vulnerability from cvelistv5
Published
2023-12-13 18:26
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:07.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2023-6789" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "8.1.26", "status": "unaffected" } ], "lessThan": "8.1.26", "status": "affected", "version": "8.1", "versionType": "custom" }, { "changes": [ { "at": "9.0.17-h4", "status": "unaffected" } ], "lessThan": "9.0.17-h4", "status": "affected", "version": "9.0", "versionType": "custom" }, { "changes": [ { "at": "9.1.17", "status": "unaffected" } ], "lessThan": "9.1.17", "status": "affected", "version": "9.1", "versionType": "custom" }, { "lessThanOrEqual": "All", "status": "affected", "version": "10.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.11", "status": "unaffected" } ], "lessThan": "10.1.11", "status": "affected", "version": "10.1", "versionType": "custom" }, { "changes": [ { "at": "10.2.5", "status": "unaffected" } ], "lessThan": "10.2.5", "status": "affected", "version": "10.2", "versionType": "custom" }, { "changes": [ { "at": "11.0.2", "status": "unaffected" } ], "lessThan": "11.0.2", "status": "affected", "version": "11.0", "versionType": "custom" }, { "lessThan": "All", "status": "unaffected", "version": "11.1", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Md Sameull Islam of Beetles Cyber Security LTD, Kajetan Rostojek, and an external reporter for discovering and reporting this issue." } ], "datePublic": "2023-12-13T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator." } ], "value": "A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguises all associated actions as performed by that unsuspecting authenticated administrator." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T18:26:30.524Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2023-6789" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions." } ], "value": "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions." } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2023-12-13T17:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices." } ], "value": "This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2023-6789", "datePublished": "2023-12-13T18:26:30.524Z", "dateReserved": "2023-12-13T17:27:23.165Z", "dateUpdated": "2024-08-02T08:42:07.423Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3388
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-01 20:12
Severity ?
EPSS score ?
Summary
PAN-OS: User Impersonation in GlobalProtect SSL VPN
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-3388", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-15T14:39:04.465851Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:32:48.331Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:06.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2024-3388" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "8.1.26", "status": "unaffected" } ], "lessThan": "8.1.26", "status": "affected", "version": "8.1.0", "versionType": "custom" }, { "changes": [ { "at": "9.0.17-h4", "status": "unaffected" } ], "lessThan": "9.0.17-h4", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "changes": [ { "at": "9.1.17", "status": "unaffected" } ], "lessThan": "9.1.17", "status": "affected", "version": "9.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.11-h4", "status": "unaffected" } ], "lessThan": "10.1.11-h4", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.7-h3", "status": "unaffected" } ], "lessThan": "10.2.7-h3", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "11.0.3", "status": "unaffected" } ], "lessThan": "11.0.3", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "unaffected", "version": "11.1.0" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "10.2.4", "status": "unaffected" } ], "lessThan": "10.2.4", "status": "affected", "version": "10.2", "versionType": "custom" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue applies only to PAN-OS firewall configurations with an enabled GlobalProtect gateway and where you are permitting use of the SSL VPN either as a fallback or as the only available tunnel mode. You should verify whether you have a configured GlobalProtect gateway by checking for entries in your firewall web interface (Network \u003e GlobalProtect \u003e Gateways). You can also verify:\n- Whether SSL VPN fallback is permitted (check to see if the \"Disable Automatic Restoration of SSL VPN\" option is disabled in the GlobalProtect Gateway Configuration dialog by selecting Agent \u003e Connection Settings) or;\n- Whether SSL VPN is the only available tunnel mode (check to see if \"Enable IPSec\" is disabled (unchecked) in the GlobalProtect Gateway Configuration dialog by selecting Agent \u003e Tunnel Settings).\nBy default, both PAN-OS firewalls and Prisma Access use the SSL VPN only when the endpoint fails to successfully establish an IPSec tunnel." } ], "value": "This issue applies only to PAN-OS firewall configurations with an enabled GlobalProtect gateway and where you are permitting use of the SSL VPN either as a fallback or as the only available tunnel mode. You should verify whether you have a configured GlobalProtect gateway by checking for entries in your firewall web interface (Network \u003e GlobalProtect \u003e Gateways). You can also verify:\n- Whether SSL VPN fallback is permitted (check to see if the \"Disable Automatic Restoration of SSL VPN\" option is disabled in the GlobalProtect Gateway Configuration dialog by selecting Agent \u003e Connection Settings) or;\n- Whether SSL VPN is the only available tunnel mode (check to see if \"Enable IPSec\" is disabled (unchecked) in the GlobalProtect Gateway Configuration dialog by selecting Agent \u003e Tunnel Settings).\nBy default, both PAN-OS firewalls and Prisma Access use the SSL VPN only when the endpoint fails to successfully establish an IPSec tunnel." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Ta-Lun Yen of TXOne Networks for discovering and reporting this issue." } ], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets." } ], "value": "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" } ], "impacts": [ { "capecId": "CAPEC-194", "descriptions": [ { "lang": "en", "value": "CAPEC-194 Fake the Source of Data" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T17:06:40.685Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-3388" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h4, PAN-OS 10.2.7-h3, PAN-OS 11.0.3, and all later PAN-OS versions. This issue is fixed in Prisma Access 10.2.4 and later.\u003cbr\u003e" } ], "value": "This issue is fixed in PAN-OS 8.1.26, PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11-h4, PAN-OS 10.2.7-h3, PAN-OS 11.0.3, and all later PAN-OS versions. This issue is fixed in Prisma Access 10.2.4 and later.\n" } ], "source": { "defect": [ "PAN-224964" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: User Impersonation in GlobalProtect SSL VPN", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "You can enable the \"Disable Automatic Restoration of SSL VPN\" (Network \u003e GlobalProtect Gateways \u003e \u003cgateway-config\u003e \u003e GlobalProtect Gateway Configuration \u003e Agent \u003e Connection Settings) on PAN-OS firewalls with the GlobalProtect feature enabled to mitigate this vulnerability.\u003cbr\u003e" } ], "value": "You can enable the \"Disable Automatic Restoration of SSL VPN\" (Network \u003e GlobalProtect Gateways \u003e \u003e GlobalProtect Gateway Configuration \u003e Agent \u003e Connection Settings) on PAN-OS firewalls with the GlobalProtect feature enabled to mitigate this vulnerability.\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-3388", "datePublished": "2024-04-10T17:06:40.685Z", "dateReserved": "2024-04-05T17:40:20.687Z", "dateUpdated": "2024-08-01T20:12:06.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43527
Vulnerability from cvelistv5
Published
2021-12-08 00:00
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:55:29.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2021-51/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470" }, { "tags": [ "x_transferred" ], "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/" }, { "tags": [ "x_transferred" ], "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211229-0002/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/" }, { "name": "GLSA-202212-05", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-05" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NSS", "vendor": "Mozilla", "versions": [ { "lessThan": "3.73", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "3.68.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS \u003c 3.73 and NSS \u003c 3.68.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory corruption via DER-encoded DSA and RSA-PSS signatures", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2021-51/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1737470" }, { "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/" }, { "url": "https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20211229-0002/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf" }, { "url": "https://www.starwindsoftware.com/security/sw-20220802-0001/" }, { "name": "GLSA-202212-05", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-05" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-43527", "datePublished": "2021-12-08T00:00:00", "dateReserved": "2021-11-08T00:00:00", "dateUpdated": "2024-08-04T03:55:29.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-8923
Vulnerability from cvelistv5
Published
2017-05-12 20:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98518 | vdb-entry, x_refsource_BID | |
https://bugs.php.net/bug.php?id=74577 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:48:22.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98518", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98518" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=74577" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script\u0027s use of .= with a long string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-24T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "98518", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98518" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.php.net/bug.php?id=74577" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script\u0027s use of .= with a long string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "98518", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98518" }, { "name": "https://bugs.php.net/bug.php?id=74577", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=74577" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8923", "datePublished": "2017-05-12T20:00:00", "dateReserved": "2017-05-12T00:00:00", "dateUpdated": "2024-08-05T16:48:22.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-25658
Vulnerability from cvelistv5
Published
2020-11-12 13:48
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 | x_refsource_CONFIRM | |
https://github.com/sybrenstuvel/python-rsa/issues/165 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
▼ | Vendor | Product |
---|---|---|
Sybren A. Stüvel | python-rsa |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:40:36.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sybrenstuvel/python-rsa/issues/165" }, { "name": "FEDORA-2021-783a157adc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/" }, { "name": "FEDORA-2021-c1fef03e71", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/" }, { "name": "FEDORA-2021-15e50503d6", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "python-rsa", "vendor": "Sybren A. St\u00fcvel", "versions": [ { "status": "affected", "version": "after 3.0 (inclusive)" } ] } ], "descriptions": [ { "lang": "en", "value": "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-385", "description": "CWE-385", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-25T00:07:41", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sybrenstuvel/python-rsa/issues/165" }, { "name": "FEDORA-2021-783a157adc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/" }, { "name": "FEDORA-2021-c1fef03e71", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/" }, { "name": "FEDORA-2021-15e50503d6", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-25658", "datePublished": "2020-11-12T13:48:31", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-04T15:40:36.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48795
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 21:46
Severity ?
EPSS score ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:27.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "tags": [ "x_transferred" ], "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "tags": [ "x_transferred" ], "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "tags": [ "x_transferred" ], "url": "https://www.paramiko.org/changelog.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/openbsd.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "tags": [ "x_transferred" ], "url": "https://www.bitvise.com/ssh-server-version-history" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ronf/asyncssh/tags" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "tags": [ "x_transferred" ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/txt/release-9.6" }, { "tags": [ "x_transferred" ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "tags": [ "x_transferred" ], "url": "https://www.terrapin-attack.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "tags": [ "x_transferred" ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "tags": [ "x_transferred" ], "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=38684904" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=38685286" }, { "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mwiede/jsch/issues/457" }, { "tags": [ "x_transferred" ], "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "tags": [ "x_transferred" ], "url": "https://bugs.gentoo.org/920280" }, { "tags": [ "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "tags": [ "x_transferred" ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mwiede/jsch/pull/461" }, { "tags": [ "x_transferred" ], "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "tags": [ "x_transferred" ], "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/issues/456" }, { "tags": [ "x_transferred" ], "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "tags": [ "x_transferred" ], "url": "https://oryx-embedded.com/download/#changelog" }, { "tags": [ "x_transferred" ], "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "tags": [ "x_transferred" ], "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "tags": [ "x_transferred" ], "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "tags": [ "x_transferred" ], "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "tags": [ "x_transferred" ], "url": "https://crates.io/crates/thrussh/versions" }, { "tags": [ "x_transferred" ], "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "tags": [ "x_transferred" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "tags": [ "x_transferred" ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/mina-sshd/issues/445" }, { "tags": [ "x_transferred" ], "url": "https://github.com/hierynomus/sshj/issues/916" }, { "tags": [ "x_transferred" ], "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "name": "FEDORA-2023-0733306be9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "name": "DSA-5586", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "tags": [ "x_transferred" ], "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "tags": [ "x_transferred" ], "url": "https://filezilla-project.org/versions.php" }, { "tags": [ "x_transferred" ], "url": "https://nova.app/releases/#v11.8" }, { "tags": [ "x_transferred" ], "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "tags": [ "x_transferred" ], "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "tags": [ "x_transferred" ], "url": "https://help.panic.com/releasenotes/transmit5/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "tags": [ "x_transferred" ], "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "tags": [ "x_transferred" ], "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "tags": [ "x_transferred" ], "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "name": "DSA-5588", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=38732005" }, { "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "name": "GLSA-202312-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "name": "GLSA-202312-17", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "name": "FEDORA-2023-20feb865d8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "name": "FEDORA-2023-cb8c606fbb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "name": "FEDORA-2023-e77300e4b5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "name": "FEDORA-2023-b87ec6cf47", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "name": "FEDORA-2023-153404713b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "name": "FEDORA-2024-3bb23c77f3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "name": "FEDORA-2023-55800423a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "name": "FEDORA-2024-d946b9ad25", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "name": "FEDORA-2024-71c2c6526c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "name": "FEDORA-2024-39a8c72ea9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "name": "FEDORA-2024-ae653fb07b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "name": "FEDORA-2024-2705241461", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "name": "FEDORA-2024-fb32950d11", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "name": "FEDORA-2024-7b08207cdb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "name": "FEDORA-2024-06ebb70bdd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "name": "FEDORA-2024-a53b24023d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "name": "FEDORA-2024-3fd1bc9276", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214084" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T18:06:23.972272", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "url": "https://www.paramiko.org/changelog.html" }, { "url": "https://www.openssh.com/openbsd.html" }, { "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "url": "https://www.bitvise.com/ssh-server-version-history" }, { "url": "https://github.com/ronf/asyncssh/tags" }, { "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "url": "https://www.openssh.com/txt/release-9.6" }, { "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "url": "https://www.terrapin-attack.com" }, { "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "url": "https://news.ycombinator.com/item?id=38684904" }, { "url": "https://news.ycombinator.com/item?id=38685286" }, { "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "url": "https://github.com/mwiede/jsch/issues/457" }, { "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "url": "https://bugs.gentoo.org/920280" }, { "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "url": "https://github.com/mwiede/jsch/pull/461" }, { "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "url": "https://github.com/proftpd/proftpd/issues/456" }, { "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "url": "https://oryx-embedded.com/download/#changelog" }, { "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "url": "https://crates.io/crates/thrussh/versions" }, { "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "url": "https://github.com/apache/mina-sshd/issues/445" }, { "url": "https://github.com/hierynomus/sshj/issues/916" }, { "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "name": "FEDORA-2023-0733306be9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "name": "DSA-5586", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "url": "https://filezilla-project.org/versions.php" }, { "url": "https://nova.app/releases/#v11.8" }, { "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "url": "https://help.panic.com/releasenotes/transmit5/" }, { "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "name": "DSA-5588", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "url": "https://news.ycombinator.com/item?id=38732005" }, { "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "name": "GLSA-202312-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "name": "GLSA-202312-17", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "name": "FEDORA-2023-20feb865d8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "name": "FEDORA-2023-cb8c606fbb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "name": "FEDORA-2023-e77300e4b5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "name": "FEDORA-2023-b87ec6cf47", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "name": "FEDORA-2023-153404713b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "name": "FEDORA-2024-3bb23c77f3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "name": "FEDORA-2023-55800423a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "name": "FEDORA-2024-d946b9ad25", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "name": "FEDORA-2024-71c2c6526c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "name": "FEDORA-2024-39a8c72ea9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "name": "FEDORA-2024-ae653fb07b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "name": "FEDORA-2024-2705241461", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "name": "FEDORA-2024-fb32950d11", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "name": "FEDORA-2024-7b08207cdb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "name": "FEDORA-2024-06ebb70bdd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "name": "FEDORA-2024-a53b24023d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "name": "FEDORA-2024-3fd1bc9276", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "url": "https://support.apple.com/kb/HT214084" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-48795", "datePublished": "2023-12-18T00:00:00", "dateReserved": "2023-11-20T00:00:00", "dateUpdated": "2024-08-02T21:46:27.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21708
Vulnerability from cvelistv5
Published
2022-02-27 08:00
Modified
2024-09-17 03:18
Severity ?
EPSS score ?
Summary
UAF due to php_filter_float() failing
References
▼ | URL | Tags |
---|---|---|
https://bugs.php.net/bug.php?id=81708 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220325-0004/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-20 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:23:28.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=81708" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0004/" }, { "name": "GLSA-202209-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "PHP", "vendor": "PHP Group", "versions": [ { "lessThan": "7.4.28", "status": "affected", "version": "7.4.x", "versionType": "custom" }, { "lessThan": "8.0.16", "status": "affected", "version": "8.0.X", "versionType": "custom" }, { "lessThan": "8.1.3", "status": "affected", "version": "8.1.X", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "dukk at softdev dot online" } ], "datePublic": "2022-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:06:49", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.php.net/bug.php?id=81708" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220325-0004/" }, { "name": "GLSA-202209-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-20" } ], "source": { "defect": [ "https://bugs.php.net/bug.php?id=81708" ], "discovery": "EXTERNAL" }, "title": "UAF due to php_filter_float() failing", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@php.net", "DATE_PUBLIC": "2022-02-14T08:00:00.000Z", "ID": "CVE-2021-21708", "STATE": "PUBLIC", "TITLE": "UAF due to php_filter_float() failing" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "PHP", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "7.4.x", "version_value": "7.4.28" }, { "version_affected": "\u003c", "version_name": "8.0.X", "version_value": "8.0.16" }, { "version_affected": "\u003c", "version_name": "8.1.X", "version_value": "8.1.3" } ] } } ] }, "vendor_name": "PHP Group" } ] } }, "credit": [ { "lang": "eng", "value": "dukk at softdev dot online" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416 Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.php.net/bug.php?id=81708", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=81708" }, { "name": "https://security.netapp.com/advisory/ntap-20220325-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220325-0004/" }, { "name": "GLSA-202209-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-20" } ] }, "source": { "defect": [ "https://bugs.php.net/bug.php?id=81708" ], "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2021-21708", "datePublished": "2022-02-27T08:00:12.018780Z", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-09-17T03:18:02.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0286
Vulnerability from cvelistv5
Published
2023-02-08 19:01
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
X.400 address type confusion in X.509 GeneralName
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:44.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Landau" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "High" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": " type confusion vulnerability", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T18:25:32.958867Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "X.400 address type confusion in X.509 GeneralName", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0286", "datePublished": "2023-02-08T19:01:50.514Z", "dateReserved": "2023-01-13T10:40:41.259Z", "dateUpdated": "2024-08-02T05:02:44.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1271
Vulnerability from cvelistv5
Published
2022-08-31 15:33
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2073310 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2022/04/07/8 | x_refsource_MISC | |
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html | x_refsource_MISC | |
https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch | x_refsource_MISC | |
https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2022-1271 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2022-1271 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202209-01 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20220930-0006/ | x_refsource_CONFIRM |
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | gzip, xz-utils |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.665Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "gzip, xz-utils", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in gzip 1.12" } ] } ], "descriptions": [ { "lang": "en", "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-179", "description": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-30T15:06:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2022-1271", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "gzip, xz-utils", "version": { "version_data": [ { "version_value": "Fixed in gzip 1.12" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An arbitrary file write vulnerability was found in GNU gzip\u0027s zgrep utility. When zgrep is applied on the attacker\u0027s chosen file name (for example, a crafted file name), this can overwrite an attacker\u0027s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-179 - Incorrect Behavior Order: Early Validation, CWE-1173 Improper Use of Validation Framework" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073310" }, { "name": "https://www.openwall.com/lists/oss-security/2022/04/07/8", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/04/07/8" }, { "name": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", "refsource": "MISC", "url": "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html" }, { "name": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", "refsource": "MISC", "url": "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch" }, { "name": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", "refsource": "MISC", "url": "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2022-1271", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2022-1271" }, { "name": "https://access.redhat.com/security/cve/CVE-2022-1271", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2022-1271" }, { "name": "GLSA-202209-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-01" }, { "name": "https://security.netapp.com/advisory/ntap-20220930-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220930-0006/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1271", "datePublished": "2022-08-31T15:33:00", "dateReserved": "2022-04-07T00:00:00", "dateUpdated": "2024-08-02T23:55:24.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47629
Vulnerability from cvelistv5
Published
2022-12-20 00:00
Modified
2024-08-03 15:02
Severity ?
EPSS score ?
Summary
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:02:35.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070" }, { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/T6284" }, { "name": "DSA-5305", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5305" }, { "name": "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html" }, { "name": "GLSA-202212-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-07" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070" }, { "url": "https://dev.gnupg.org/T6284" }, { "name": "DSA-5305", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5305" }, { "name": "[debian-lts-announce] 20221224 [SECURITY] [DLA 3248-1] libksba security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html" }, { "name": "GLSA-202212-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-07" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0011/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-47629", "datePublished": "2022-12-20T00:00:00", "dateReserved": "2022-12-20T00:00:00", "dateUpdated": "2024-08-03T15:02:35.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3386
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-01 20:12
Severity ?
EPSS score ?
Summary
PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:palo_alto_networks:cloud_ngfw:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cloud_ngfw", "vendor": "palo_alto_networks", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:palo_alto_networks:prisma_access:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "prisma_access", "vendor": "palo_alto_networks", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pan-os", "vendor": "palo_alto_networks", "versions": [ { "lessThan": "9.0.17-h2", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "lessThan": "9.1.17", "status": "affected", "version": "9.1.0", "versionType": "custom" }, { "lessThan": "10.0.13", "status": "affected", "version": "10.0.00", "versionType": "custom" }, { "lessThan": "10.1.9-h3", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "lessThan": "10.1.10", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "lessThan": "10.2.4-h2", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "lessThan": "10.2.5", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "lessThan": "11.0.1-h2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "lessThan": "11.0.2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "affected", "version": "11.1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3386", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-10T19:11:36.523628Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-07T15:13:59.508Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:06.667Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2024-3386" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "9.0.17-h2", "status": "unaffected" } ], "lessThan": "9.0.17-h2", "status": "affected", "version": "9.0.0", "versionType": "custom" }, { "changes": [ { "at": "9.1.17", "status": "unaffected" } ], "lessThan": "9.1.17", "status": "affected", "version": "9.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.0.13", "status": "unaffected" } ], "lessThan": "10.0.13", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.9-h3", "status": "unaffected" } ], "lessThan": "10.1.9-h3", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.10", "status": "unaffected" } ], "lessThan": "10.1.10", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.4-h2", "status": "unaffected" } ], "lessThan": "10.2.4-h2", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.5", "status": "unaffected" } ], "lessThan": "10.2.5", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "11.0.1-h2", "status": "unaffected" } ], "lessThan": "11.0.1-h2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "changes": [ { "at": "11.0.2", "status": "unaffected" } ], "lessThan": "11.0.2", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "status": "unaffected", "version": "11.1.0" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device \u003e Certificate Management \u003e SSL Decryption Exclusions)." } ], "value": "You must configure Predefined Decryption Exclusions on your PAN-OS firewalls. You should check to see whether you have any configured exclusions in your firewall web interface (Device \u003e Certificate Management \u003e SSL Decryption Exclusions)." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Frederic De Vlieger for discovering and reporting this issue." } ], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption." } ], "value": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" } ], "impacts": [ { "capecId": "CAPEC-148", "descriptions": [ { "lang": "en", "value": "CAPEC-148 Content Spoofing" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-436", "description": "CWE-436 Interpretation Conflict", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T17:06:32.694Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-3386" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, 11.1.0 and all later PAN-OS versions.\u003cbr\u003e" } ], "value": "This issue is fixed in 9.0.17-h2, 9.0.18, 9.1.17, 10.0.13, 10.1.9-h3, 10.1.10, 10.2.4-h2, 10.2.5, 11.0.1-h2, 11.0.2, 11.1.0 and all later PAN-OS versions.\n" } ], "source": { "defect": [ "PAN-208155" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: Predefined Decryption Exclusions Does Not Work as Intended", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-3386", "datePublished": "2024-04-10T17:06:32.694Z", "dateReserved": "2024-04-05T17:40:19.116Z", "dateUpdated": "2024-08-01T20:12:06.667Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3515
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "tags": [ "x_transferred" ], "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" }, { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libksba", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in libksba v1.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 - Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-06T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" }, { "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3515", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-10-14T00:00:00", "dateUpdated": "2024-08-03T01:14:02.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31676
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 07:26
Severity ?
EPSS score ?
Summary
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
n/a | VMware Tools |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:26:00.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.vmware.com/security/advisories/VMSA-2022-0024.html" }, { "name": "[oss-security] 20220823 [SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/23/3" }, { "name": "DSA-5215", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5215" }, { "name": "[debian-lts-announce] 20220825 [SECURITY] [DLA 3081-1] open-vm-tools security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html" }, { "name": "FEDORA-2022-cd23eac6f4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/" }, { "name": "FEDORA-2022-1b8d3b2845", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/" }, { "name": "FEDORA-2022-1c9c0bacaf", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221017-0003/" }, { "name": "GLSA-202210-27", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-27" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "VMware Tools", "vendor": "n/a", "versions": [ { "status": "affected", "version": "VMware Tools (12.0.0, 11.x.y and 10.x.y)" } ] } ], "descriptions": [ { "lang": "en", "value": "VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine." } ], "problemTypes": [ { "descriptions": [ { "description": "Local privilege escalation vulnerability", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-31T00:00:00", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2022-0024.html" }, { "name": "[oss-security] 20220823 [SECURITY ADVISORY] open-vm-tools: Local privilege escalation vulnerability (CVE-2022-31676)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/08/23/3" }, { "name": "DSA-5215", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5215" }, { "name": "[debian-lts-announce] 20220825 [SECURITY] [DLA 3081-1] open-vm-tools security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html" }, { "name": "FEDORA-2022-cd23eac6f4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/" }, { "name": "FEDORA-2022-1b8d3b2845", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/" }, { "name": "FEDORA-2022-1c9c0bacaf", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/" }, { "url": "https://security.netapp.com/advisory/ntap-20221017-0003/" }, { "name": "GLSA-202210-27", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-27" } ] } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2022-31676", "datePublished": "2022-08-23T00:00:00", "dateReserved": "2022-05-25T00:00:00", "dateUpdated": "2024-08-03T07:26:00.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6793
Vulnerability from cvelistv5
Published
2023-12-13 18:40
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:07.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2023-6793" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "8.1.24-h1", "status": "unaffected" } ], "lessThan": "All", "status": "unaffected", "version": "8.1", "versionType": "custom" }, { "changes": [ { "at": "9.0.17-h4", "status": "unaffected" } ], "lessThan": "9.0.17-h4", "status": "affected", "version": "9.0", "versionType": "custom" }, { "changes": [ { "at": "9.1.17", "status": "unaffected" } ], "lessThan": "9.1.17", "status": "affected", "version": "9.1", "versionType": "custom" }, { "lessThanOrEqual": "All", "status": "affected", "version": "10.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.11", "status": "unaffected" } ], "lessThan": "10.1.11", "status": "affected", "version": "10.1", "versionType": "custom" }, { "changes": [ { "at": "10.2.5", "status": "unaffected" } ], "lessThan": "10.2.5", "status": "affected", "version": "10.2", "versionType": "custom" }, { "changes": [ { "at": "11.0.2", "status": "unaffected" } ], "lessThan": "11.0.2", "status": "affected", "version": "11.0", "versionType": "custom" }, { "lessThan": "All", "status": "unaffected", "version": "11.1", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\u003cbr\u003e\u003cbr\u003eYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access" } ], "value": "This issue is applicable only to PAN-OS configurations that have XML API access enabled.\n\nYou can find more information about the XML API here: https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-panorama-api/pan-os-api-authentication/enable-api-access" } ], "datePublic": "2023-12-13T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage." } ], "value": "An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-13T18:40:54.955Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2023-6793" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions." } ], "value": "This issue is fixed in PAN-OS 9.0.17-h4, PAN-OS 9.1.17, PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions." } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2023-12-13T17:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: XML API Keys Revoked by Read-Only PAN-OS Administrator", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices." } ], "value": "This issue requires the attacker to have authenticated access to the PAN-OS XML API. You can mitigate the impact of this issue by following the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2023-6793", "datePublished": "2023-12-13T18:40:54.955Z", "dateReserved": "2023-12-13T17:27:26.408Z", "dateUpdated": "2024-08-02T08:42:07.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3383
Vulnerability from cvelistv5
Published
2024-04-10 17:06
Modified
2024-08-09 20:22
Severity ?
EPSS score ?
Summary
PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:06.566Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2024-3383" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-3383", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-09T20:22:10.488052Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-09T20:22:18.991Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "11.1.0" }, { "changes": [ { "at": "11.0.3", "status": "unaffected" } ], "lessThan": "11.0.3", "status": "affected", "version": "11.0.0", "versionType": "custom" }, { "changes": [ { "at": "10.2.5", "status": "unaffected" } ], "lessThan": "10.2.5", "status": "affected", "version": "10.2.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.11", "status": "unaffected" } ], "lessThan": "10.1.11", "status": "affected", "version": "10.1.0", "versionType": "custom" }, { "status": "unaffected", "version": "9.1.0" }, { "status": "unaffected", "version": "9.0.0" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "configurations": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue applies only to PAN-OS firewall configurations with Cloud Identity Engine (CIE) enabled. You should verify whether CIE is configured on your firewall web interface (Device \u003e User Identification \u003e Cloud Identity Engine)." } ], "value": "This issue applies only to PAN-OS firewall configurations with Cloud Identity Engine (CIE) enabled. You should verify whether CIE is configured on your firewall web interface (Device \u003e User Identification \u003e Cloud Identity Engine)." } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Rodgers Moore, CCIE# 8153 of Insight.com, for discovering and reporting this issue." } ], "datePublic": "2024-04-10T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules." } ], "value": "A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" } ], "impacts": [ { "capecId": "CAPEC-271", "descriptions": [ { "lang": "en", "value": "CAPEC-271 Schema Poisoning" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-282", "description": "CWE-282: Improper Ownership Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T17:06:15.823Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-3383" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.\u003cbr\u003e" } ], "value": "This issue is fixed in PAN-OS 10.1.11, PAN-OS 10.2.5, PAN-OS 11.0.3, and all later PAN-OS versions.\n" } ], "source": { "defect": [ "PAN-211764", "PAN-218522" ], "discovery": "USER" }, "timeline": [ { "lang": "en", "time": "2024-04-10T16:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: Improper Group Membership Change Vulnerability in Cloud Identity Engine (CIE)", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-3383", "datePublished": "2024-04-10T17:06:15.823Z", "dateReserved": "2024-04-05T17:40:16.359Z", "dateUpdated": "2024-08-09T20:22:18.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38802
Vulnerability from cvelistv5
Published
2023-08-29 00:00
Modified
2024-10-02 14:46
Severity ?
EPSS score ?
Summary
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:54:38.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=37305800" }, { "name": "DSA-5495", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5495" }, { "name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3573-1] frr security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html" }, { "name": "FEDORA-2023-514db5339e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/" }, { "name": "FEDORA-2023-ce436d56f8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/" }, { "name": "FEDORA-2023-61abba57d8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38802", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T14:46:38.606959Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T14:46:51.117Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-15T05:07:02.171314", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling" }, { "url": "https://news.ycombinator.com/item?id=37305800" }, { "name": "DSA-5495", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5495" }, { "name": "[debian-lts-announce] 20230919 [SECURITY] [DLA 3573-1] frr security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html" }, { "name": "FEDORA-2023-514db5339e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE/" }, { "name": "FEDORA-2023-ce436d56f8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO/" }, { "name": "FEDORA-2023-61abba57d8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38802", "datePublished": "2023-08-29T00:00:00", "dateReserved": "2023-07-25T00:00:00", "dateUpdated": "2024-10-02T14:46:51.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37454
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:21.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230203-0001/" }, { "name": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "tags": [ "x_transferred" ], "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project" }, { "name": "https://mouha.be/sha-3-buffer-overflow/", "tags": [ "x_transferred" ], "url": "https://mouha.be/sha-3-buffer-overflow/" }, { "name": "https://news.ycombinator.com/item?id=33281106", "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=33281106" }, { "name": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "tags": [ "x_transferred" ], "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658" }, { "name": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html" }, { "name": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/" }, { "name": "https://www.debian.org/security/2022/dsa-5267", "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5267" }, { "name": "https://www.debian.org/security/2022/dsa-5269", "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5269" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/" }, { "tags": [ "x_transferred" ], "url": "https://eprint.iacr.org/2023/331" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=35050307" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "unknown", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T03:42:54.794928Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "https://csrc.nist.gov/projects/hash-functions/sha-3-project", "url": "https://csrc.nist.gov/projects/hash-functions/sha-3-project" }, { "name": "https://mouha.be/sha-3-buffer-overflow/", "url": "https://mouha.be/sha-3-buffer-overflow/" }, { "name": "https://news.ycombinator.com/item?id=33281106", "url": "https://news.ycombinator.com/item?id=33281106" }, { "name": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", "url": "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658" }, { "name": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html" }, { "name": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/" }, { "name": "https://www.debian.org/security/2022/dsa-5267", "url": "https://www.debian.org/security/2022/dsa-5267" }, { "name": "https://www.debian.org/security/2022/dsa-5269", "url": "https://www.debian.org/security/2022/dsa-5269" }, { "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/" }, { "url": "https://eprint.iacr.org/2023/331" }, { "url": "https://news.ycombinator.com/item?id=35050307" }, { "url": "https://security.gentoo.org/glsa/202305-02" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37454", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-08-07T00:00:00", "dateUpdated": "2024-08-03T10:29:21.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9120
Vulnerability from cvelistv5
Published
2018-08-02 15:00
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
References
▼ | URL | Tags |
---|---|---|
https://security.netapp.com/advisory/ntap-20181107-0003/ | x_refsource_CONFIRM | |
https://bugs.php.net/bug.php?id=74544 | x_refsource_MISC | |
https://access.redhat.com/errata/RHSA-2019:2519 | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:55:22.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181107-0003/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=74544" }, { "name": "RHSA-2019:2519", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2519" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-02T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-19T10:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181107-0003/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.php.net/bug.php?id=74544" }, { "name": "RHSA-2019:2519", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2519" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9120", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.netapp.com/advisory/ntap-20181107-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181107-0003/" }, { "name": "https://bugs.php.net/bug.php?id=74544", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=74544" }, { "name": "RHSA-2019:2519", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2519" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9120", "datePublished": "2018-08-02T15:00:00", "dateReserved": "2017-05-21T00:00:00", "dateUpdated": "2024-08-05T16:55:22.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0008
Vulnerability from cvelistv5
Published
2024-02-14 17:32
Modified
2024-08-01 17:41
Severity ?
EPSS score ?
Summary
PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.paloaltonetworks.com/CVE-2024-0008" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "PAN-OS", "vendor": "Palo Alto Networks", "versions": [ { "changes": [ { "at": "9.0.17-h2", "status": "unaffected" } ], "lessThan": "9.0.17-h2", "status": "affected", "version": "9.0", "versionType": "custom" }, { "changes": [ { "at": "9.0.18", "status": "unaffected" } ], "lessThan": "9.0.18", "status": "affected", "version": "9.0", "versionType": "custom" }, { "changes": [ { "at": "9.1.17", "status": "unaffected" } ], "lessThan": "9.1.17", "status": "affected", "version": "9.1", "versionType": "custom" }, { "changes": [ { "at": "10.0.12-h1", "status": "unaffected" } ], "lessThan": "10.0.12-h1", "status": "affected", "version": "10.0", "versionType": "custom" }, { "changes": [ { "at": "10.0.13", "status": "unaffected" } ], "lessThan": "10.0.13", "status": "affected", "version": "10.0", "versionType": "custom" }, { "changes": [ { "at": "10.1.10-h1", "status": "unaffected" } ], "lessThan": "10.1.10-h1", "status": "affected", "version": "10.1", "versionType": "custom" }, { "changes": [ { "at": "10.1.11", "status": "unaffected" } ], "lessThan": "10.1.11", "status": "affected", "version": "10.1", "versionType": "custom" }, { "changes": [ { "at": "10.2.5", "status": "unaffected" } ], "lessThan": "10.2.5", "status": "affected", "version": "10.2", "versionType": "custom" }, { "changes": [ { "at": "11.0.2", "status": "unaffected" } ], "lessThan": "11.0.2", "status": "affected", "version": "11.0", "versionType": "custom" }, { "lessThan": "All", "status": "unaffected", "version": "11.1", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Prisma Access", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] }, { "defaultStatus": "unaffected", "product": "Cloud NGFW", "vendor": "Palo Alto Networks", "versions": [ { "status": "unaffected", "version": "All" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Palo Alto Networks thanks Brian Yaklin for discovering and reporting this issue." } ], "datePublic": "2024-02-14T17:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access." } ], "value": "Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access." } ], "exploits": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\u003cbr\u003e" } ], "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-14T17:32:17.611Z", "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "shortName": "palo_alto" }, "references": [ { "url": "https://security.paloaltonetworks.com/CVE-2024-0008" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This issue is fixed in PAN-OS 9.0.17-h2, PAN-OS 9.1.17, PAN-OS 10.0.12-h1, PAN-OS 10.1.10-h1, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions." } ], "value": "This issue is fixed in PAN-OS 9.0.17-h2, PAN-OS 9.1.17, PAN-OS 10.0.12-h1, PAN-OS 10.1.10-h1, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions." } ], "source": { "defect": [ "PAN-211664" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-02-14T17:00:00.000Z", "value": "Initial publication" } ], "title": "PAN-OS: Insufficient Session Expiration Vulnerability in the Web Interface", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface." } ], "value": "Ensure that inactivity-based screen locks are enforced on endpoints with access to the PAN-OS web interface." } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0", "assignerShortName": "palo_alto", "cveId": "CVE-2024-0008", "datePublished": "2024-02-14T17:32:17.611Z", "dateReserved": "2023-11-09T18:56:05.666Z", "dateUpdated": "2024-08-01T17:41:15.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.