VAR-201701-0627
Vulnerability from variot - Updated: 2023-12-18 12:20The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A security vulnerability exists in ViprinetEuropeMultichannelVPNRouter300 that caused the program to fail to validate the certificate. An attacker could exploit the vulnerability to perform a man-in-the-middle attack and impersonate a trusted server. Multiple cross-site scripting vulnerabilities 2. An HTML-injection vulnerability 3. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions.
In this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected.
Note: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack.
Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/
Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.
Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0627",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 1.6,
"vendor": "viprinet",
"version": "2013070830"
},
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 1.6,
"vendor": "viprinet",
"version": "2013080900"
},
{
"model": "multichannel vpn router 300",
"scope": null,
"trust": 0.8,
"vendor": "viprinet europe",
"version": null
},
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 0.8,
"vendor": "viprinet europe",
"version": "2013070830"
},
{
"model": "multichannel vpn router 300",
"scope": "eq",
"trust": 0.8,
"vendor": "viprinet europe",
"version": "2013080900"
},
{
"model": "europe multichannel vpn router",
"scope": "eq",
"trust": 0.6,
"vendor": "viprinet",
"version": "300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tim Brown",
"sources": [
{
"db": "BID",
"id": "82583"
},
{
"db": "PACKETSTORM",
"id": "135614"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
],
"trust": 1.0
},
"cve": "CVE-2014-9754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-9754",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01188",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-77699",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-9754",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9754",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-01188",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-368",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77699",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "VULHUB",
"id": "VHN-77699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint\u0027s SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A security vulnerability exists in ViprinetEuropeMultichannelVPNRouter300 that caused the program to fail to validate the certificate. An attacker could exploit the vulnerability to perform a man-in-the-middle attack and impersonate a trusted server. Multiple cross-site scripting vulnerabilities\n2. An HTML-injection vulnerability\n3. Multiple security-bypass vulnerabilities\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. \n\n\tIn this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected. \n\n\tNote: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack. \n \n\n \nFurther details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/\n\nCopyright:\nCopyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. \n\nDisclaimer:\nThe information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user\u0027s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "VULHUB",
"id": "VHN-77699"
},
{
"db": "PACKETSTORM",
"id": "135614"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9754",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "135614",
"trust": 1.8
},
{
"db": "BID",
"id": "82583",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-01188",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-77699",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "VULHUB",
"id": "VHN-77699"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"db": "PACKETSTORM",
"id": "135614"
},
{
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
]
},
"id": "VAR-201701-0627",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "VULHUB",
"id": "VHN-77699"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
}
]
},
"last_update_date": "2023-12-18T12:20:10.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multichannel VPN Router 300/310",
"trust": 0.8,
"url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
},
{
"title": "ViprinetEuropeMultichannelVPNRouter300 man-in-the-middle attack vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/71679"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"db": "NVD",
"id": "CVE-2014-9754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2016/feb/8"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/135614/viprinet-multichannel-vpn-router-300-identity-verification-fail.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/82583"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/537441/100/0/threaded"
},
{
"trust": 0.9,
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9754"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9754"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded"
},
{
"trust": 0.3,
"url": "https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "VULHUB",
"id": "VHN-77699"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"db": "PACKETSTORM",
"id": "135614"
},
{
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"db": "VULHUB",
"id": "VHN-77699"
},
{
"db": "BID",
"id": "82583"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"db": "PACKETSTORM",
"id": "135614"
},
{
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"date": "2017-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-77699"
},
{
"date": "2016-02-03T00:00:00",
"db": "BID",
"id": "82583"
},
{
"date": "2017-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"date": "2016-02-05T16:22:22",
"db": "PACKETSTORM",
"id": "135614"
},
{
"date": "2017-01-20T15:59:00.193000",
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"date": "2016-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01188"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-77699"
},
{
"date": "2016-07-05T21:22:00",
"db": "BID",
"id": "82583"
},
{
"date": "2017-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008188"
},
{
"date": "2018-10-09T19:55:12.827000",
"db": "NVD",
"id": "CVE-2014-9754"
},
{
"date": "2017-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "135614"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Viprinet Multichannel VPN Router 300 Hardware VPN Man-in-the-middle vulnerability in a client",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-368"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…