Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5213 vulnerabilities reference this CWE, most recent first.

CVE-2024-39757 (GCVE-0-2024-39757)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Wavlink Wavlink AC3000 Affected: M33A8.V5030.210505
Create a notification for this product.
Credits
Discovered by Lilith >_> of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:46:02.895167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T15:46:11.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:04:15.221Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2043"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Wavlink AC3000",
          "vendor": "Wavlink",
          "versions": [
            {
              "status": "affected",
              "version": "M33A8.V5030.210505"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:21:18.345Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2024-39757",
    "datePublished": "2025-01-14T14:21:18.345Z",
    "dateReserved": "2024-06-28T18:06:02.838Z",
    "dateUpdated": "2025-01-14T16:04:15.221Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39605 (GCVE-0-2024-39605)

Vulnerability from cvelistv5 – Published: 2024-11-11 14:57 – Updated: 2024-11-11 16:07
VLAI
Title
Delta Electronics DIAScreen Stack-based Buffer Overflow
Summary
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Delta Electronics DIAScreen Affected: 0 , < v1.5.0 (custom)
Create a notification for this product.
deltaww diascreen Affected: 0 , < 1.5.0 (custom)
    cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "diascreen",
            "vendor": "deltaww",
            "versions": [
              {
                "lessThan": "1.5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39605",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-11T16:07:18.069762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-11T16:07:22.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DIAScreen",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "lessThan": "v1.5.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-11T14:57:23.741Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02"
        },
        {
          "url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDelta Electronics has released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://diastudio.deltaww.com/home/downloads?sec=download\"\u003ev1.5.0 of DIAScreen (login required)\u003c/a\u003e\u0026nbsp;and recommends users install this update on all affected systems.\u003c/p\u003e\u003cp\u003eFor more information, please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en-US/Cybersecurity_Advisory\"\u003eDelta product cybersecurity advisory for these issues.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Delta Electronics has released  v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads \u00a0and recommends users install this update on all affected systems.\n\nFor more information, please see the  Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
        }
      ],
      "source": {
        "advisory": "ICSA-24-312-02",
        "discovery": "EXTERNAL"
      },
      "title": "Delta Electronics DIAScreen Stack-based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-39605",
    "datePublished": "2024-11-11T14:57:23.741Z",
    "dateReserved": "2024-07-16T16:12:58.995Z",
    "dateUpdated": "2024-11-11T16:07:22.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39603 (GCVE-0-2024-39603)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Wavlink Wavlink AC3000 Affected: M33A8.V5030.210505
Create a notification for this product.
Credits
Discovered by Lilith &gt;_&gt; of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:43:11.151358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T15:43:34.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:04:09.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Wavlink AC3000",
          "vendor": "Wavlink",
          "versions": [
            {
              "status": "affected",
              "version": "M33A8.V5030.210505"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:21:20.463Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2024-39603",
    "datePublished": "2025-01-14T14:21:20.463Z",
    "dateReserved": "2024-06-28T18:06:04.170Z",
    "dateUpdated": "2025-01-14T16:04:09.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39556 (GCVE-0-2024-39556)

Vulnerability from cvelistv5 – Published: 2024-07-10 22:38 – Updated: 2024-08-02 04:26
VLAI
Title
Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow
Summary
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution. By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow. This issue affects:  Junos OS: * All versions before 21.4R3-S7, * from 22.1 before 22.1R3-S6, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2;  Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.1-EVO before 22.1R3-S6-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-S2-EVO, * from 23.2-EVO before 23.2R2-EVO, * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 21.4R3-S7 (semver)
Affected: 22.1 , < 22.1R3-S6 (semver)
Affected: 22.2 , < 22.2R3-S4 (semver)
Affected: 22.3 , < 22.3R3-S3 (semver)
Affected: 22.4 , < 22.4R3-S2 (semver)
Affected: 23.2 , < 23.2R2 (semver)
Affected: 23.4 , < 23.4R1-S1, 23.4R2 (semver)
Create a notification for this product.
Juniper Networks Junos OS Evolved Affected: 0 , < 21.4R3-S7-EVO (semver)
Affected: 22.1-EVO , < 22.1R3-S6-EVO (semver)
Affected: 22.2-EVO , < 22.2R3-S4-EVO (semver)
Affected: 22.3-EVO , < 22.3R3-S3-EVO (semver)
Affected: 22.4-EVO , < 22.4R3-S2-EVO (semver)
Affected: 23.2-EVO , < 23.2R2-EVO (semver)
Affected: 23.4-EVO , < 23.4R1-S1-EVO, 23.4R2-EVO (semver)
Create a notification for this product.
juniper junos_os_evolved Affected: 0 , < 21.4r3-s7-evo (semver)
Affected: 22.1-evo , < 22.1r3-s6-evo (semver)
Affected: 22.2-evo , < 22.2r3-s4-evo (semver)
Affected: 22.3-evo , < 22.3r3-s3-evo (semver)
Affected: 22.4-evo , < 22.4r3-s3-evo (semver)
Affected: 23.2-evo , < 23.2r2-evo (semver)
    cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*
Create a notification for this product.
juniper junos_os Affected: 0 , < 21.4r3-s7 (semver)
Affected: 22.1 , < 22.1r3-s6 (semver)
Affected: 22.2 , < 22.2r3-s4 (semver)
Affected: 22.3 , < 22.3r3-s3 (semver)
Affected: 22.4 , < 22.4r3-s2 (semver)
Affected: 23.2 , < 23.2r2 (semver)
Affected: 23.4 , < 23.4r1-s1 (semver)
Affected: 23.4 , < 23.4r2 (semver)
Affected: 23.4-evo , < 23.4r1-s1-evo (semver)
Affected: 23.4-evo , < 23.4r2-evo (semver)
    cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-07-10 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_os_evolved",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.4r3-s7-evo",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1r3-s6-evo",
                "status": "affected",
                "version": "22.1-evo",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2r3-s4-evo",
                "status": "affected",
                "version": "22.2-evo",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3r3-s3-evo",
                "status": "affected",
                "version": "22.3-evo",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4r3-s3-evo",
                "status": "affected",
                "version": "22.4-evo",
                "versionType": "semver"
              },
              {
                "lessThan": "23.2r2-evo",
                "status": "affected",
                "version": "23.2-evo",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "junos_os",
            "vendor": "juniper",
            "versions": [
              {
                "lessThan": "21.4r3-s7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "22.1r3-s6",
                "status": "affected",
                "version": "22.1",
                "versionType": "semver"
              },
              {
                "lessThan": "22.2r3-s4",
                "status": "affected",
                "version": "22.2",
                "versionType": "semver"
              },
              {
                "lessThan": "22.3r3-s3",
                "status": "affected",
                "version": "22.3",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4r3-s2",
                "status": "affected",
                "version": "22.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.2r2",
                "status": "affected",
                "version": "23.2",
                "versionType": "semver"
              },
              {
                "lessThan": "23.4r1-s1",
                "status": "affected",
                "version": "23.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.4r2",
                "status": "affected",
                "version": "23.4",
                "versionType": "semver"
              },
              {
                "lessThan": "23.4r1-s1-evo",
                "status": "affected",
                "version": "23.4-evo",
                "versionType": "semver"
              },
              {
                "lessThan": "23.4r2-evo",
                "status": "affected",
                "version": "23.4-evo",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39556",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-13T03:55:17.897Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA83016"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S6",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R1-S1, 23.4R2",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.4R3-S7-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S6-EVO",
              "status": "affected",
              "version": "22.1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S4-EVO",
              "status": "affected",
              "version": "22.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R3-S3-EVO",
              "status": "affected",
              "version": "22.3-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S2-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
              "status": "affected",
              "version": "23.4-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-07-10T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\u003cbr\u003e\u003cbr\u003eBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\n\nBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\nThis issue affects:\n\n\u00a0Junos OS: \n\n\n  *  All versions before 21.4R3-S7, \n  *  from 22.1 before 22.1R3-S6, \n  *  from 22.2 before 22.2R3-S4, \n  *  from 22.3 before 22.3R3-S3, \n  *  from 22.4 before 22.4R3-S2, \n  *  from 23.2 before 23.2R2, \n  *  from 23.4 before 23.4R1-S1, 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n  *  All versions before 21.4R3-S7-EVO, \n  *  from 22.1-EVO before 22.1R3-S6-EVO, \n  *  from 22.2-EVO before 22.2R3-S4-EVO, \n  *  from 22.3-EVO before 22.3R3-S3-EVO, \n  *  from 22.4-EVO before 22.4R3-S2-EVO, \n  *  from 23.2-EVO before 23.2R2-EVO, \n  *  from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-10T22:38:44.894Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA83016"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA83016",
        "defect": [
          "1780283"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2024-39556",
    "datePublished": "2024-07-10T22:38:44.894Z",
    "dateReserved": "2024-06-25T15:12:53.247Z",
    "dateUpdated": "2024-08-02T04:26:15.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39389 (GCVE-0-2024-39389)

Vulnerability from cvelistv5 – Published: 2024-08-14 15:05 – Updated: 2024-08-16 04:01
VLAI
Title
Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability
Summary
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
Impacted products
Vendor Product Version
Adobe InDesign Desktop Affected: 0 , ≤ ID18.5.2 (semver)
Create a notification for this product.
adobe indesign Affected: 0 , ≤ 19.4 (semver)
Affected: 0 , ≤ 18.5.2 (semver)
    cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-08-13 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "indesign",
            "vendor": "adobe",
            "versions": [
              {
                "lessThanOrEqual": "19.4",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "18.5.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39389",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T04:01:56.110Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "InDesign Desktop",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "ID18.5.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-08-13T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "NOT_DEFINED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow (CWE-121)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-14T15:05:42.561Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2024-39389",
    "datePublished": "2024-08-14T15:05:42.561Z",
    "dateReserved": "2024-06-24T20:32:06.588Z",
    "dateUpdated": "2024-08-16T04:01:56.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39359 (GCVE-0-2024-39359)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Wavlink Wavlink AC3000 Affected: M33A8.V5030.210505
Create a notification for this product.
Credits
Discovered by Lilith &gt;_&gt; of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39359",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:36:51.819452Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T15:37:00.564Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:04:03.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2040"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Wavlink AC3000",
          "vendor": "Wavlink",
          "versions": [
            {
              "status": "affected",
              "version": "M33A8.V5030.210505"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:21:21.683Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2024-39359",
    "datePublished": "2025-01-14T14:21:21.683Z",
    "dateReserved": "2024-06-28T18:06:07.280Z",
    "dateUpdated": "2025-01-14T16:04:03.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39357 (GCVE-0-2024-39357)

Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Wavlink Wavlink AC3000 Affected: M33A8.V5030.210505
Create a notification for this product.
Credits
Discovered by Lilith &gt;_&gt; of Cisco Talos.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39357",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T15:35:19.963498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T15:35:28.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-14T16:04:01.283Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2039"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Wavlink AC3000",
          "vendor": "Wavlink",
          "versions": [
            {
              "status": "affected",
              "version": "M33A8.V5030.210505"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T14:21:22.249Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2039",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2039"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2024-39357",
    "datePublished": "2025-01-14T14:21:22.249Z",
    "dateReserved": "2024-06-28T18:06:08.518Z",
    "dateUpdated": "2025-01-14T16:04:01.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39354 (GCVE-0-2024-39354)

Vulnerability from cvelistv5 – Published: 2024-11-11 14:59 – Updated: 2024-11-11 16:07
VLAI
Title
Delta Electronics DIAScreen Stack-based Buffer Overflow
Summary
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Delta Electronics DIAScreen Affected: 0 , < v1.5.0 (custom)
Create a notification for this product.
deltaww diascreen Affected: 0 , < 1.5.0 (custom)
    cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "diascreen",
            "vendor": "deltaww",
            "versions": [
              {
                "lessThan": "1.5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-11T16:07:33.279755Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-11T16:07:37.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DIAScreen",
          "vendor": "Delta Electronics",
          "versions": [
            {
              "lessThan": "v1.5.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-11T14:59:38.364Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02"
        },
        {
          "url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDelta Electronics has released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://diastudio.deltaww.com/home/downloads?sec=download\"\u003ev1.5.0 of DIAScreen (login required)\u003c/a\u003e\u0026nbsp;and recommends users install this update on all affected systems.\u003c/p\u003e\u003cp\u003eFor more information, please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en-US/Cybersecurity_Advisory\"\u003eDelta product cybersecurity advisory for these issues.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Delta Electronics has released  v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads \u00a0and recommends users install this update on all affected systems.\n\nFor more information, please see the  Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
        }
      ],
      "source": {
        "advisory": "ICSA-24-312-02",
        "discovery": "EXTERNAL"
      },
      "title": "Delta Electronics DIAScreen Stack-based Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-39354",
    "datePublished": "2024-11-11T14:59:38.364Z",
    "dateReserved": "2024-07-16T16:12:58.987Z",
    "dateUpdated": "2024-11-11T16:07:37.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38509 (GCVE-0-2024-38509)

Vulnerability from cvelistv5 – Published: 2024-07-26 19:45 – Updated: 2024-08-02 04:12
VLAI
Summary
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Lenovo XClarity Controller Affected: various
Create a notification for this product.
lenovo thinkagile_hx5530_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx7530_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx3331_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx_enclosure_certified_node_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx1021_edg_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx1021_edg_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx1320_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx1320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx1331_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx1321_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx1321_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx1520-r_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx1520-r_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx1521-r_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx1521-r_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx2320-e_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx2320-e_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx2321_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx2321_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx2330_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx2331_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx2720-e_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx2720-e_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3320_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3321_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3321_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3330_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3330_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3331 Affected: 0 , < 4.71 (custom)
    cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3375_firmware Affected: 0 , < 5.61 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3376_firmware Affected: 0 , < 5.61 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3520-g_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3520-g_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3521-g_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3521-g_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3720_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3720_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx3721_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx3721_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx5520-c_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx5520-c_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx5521-c_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx5521-c_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx5531_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx5531_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx7520_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx7520_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx7521_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx7531_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx7820_firmware Affected: 0 , < 3.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx7820_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_hx7821_firmware Affected: 0 , < 3.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_hx7821_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx1020_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx1020_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx3330-f_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx3330-f_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx3330-h_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx3330-h_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx3331-f_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx3331-f_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx3331-h_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx3331-h_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx3530_f_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx3530_f_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx3530-h_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx3530-h_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_mx3531-f_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_mx3531-f_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx1320_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx1320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx2320_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx2320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx2330_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx2330_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx3320_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx3320_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx3330_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx3330_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx3520-g_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx3520-g_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx3530-g_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx3530-g_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx3720_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx3720_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx5520_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx5520_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx5530_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx5530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx7320_n_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx7320_n_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx7330_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx7330_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx7520_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx7520_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx7520_n_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx7520_n_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx7530_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx7530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx7531_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx7531_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkagile_vx7820_firmware Affected: 0 , < 3.11 (custom)
    cpe:2.3:o:lenovo:thinkagile_vx7820_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinkstation_p920_workstation_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinkstation_p920_workstation_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st250_firmware Affected: 0 , < 1.12 (custom)
    cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sd530_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sd530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sd630_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sd630_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sd650_dual_node_tray_firmware Affected: 0 , < 4.11 (custom)
Affected: 0 , < 6.36 (custom)
    cpe:2.3:o:lenovo:thinksystem_sd650_dual_node_tray_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sd650-n_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sd650-n_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sd650_v3_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sd650_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sd665_v3_firmware Affected: 0 , < 5.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sd665_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_se350_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_se350_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sn550_firmware Affected: 0 , < 4.11 (custom)
Affected: 0 , < 6.36 (custom)
    cpe:2.3:o:lenovo:thinksystem_sn550_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sn550_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sn550_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sn850_firmware Affected: 0 , < 4.11 (custom)
Affected: 0 , < 6.36 (custom)
    cpe:2.3:o:lenovo:thinksystem_sn850_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr150_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr150_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr158_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr158_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr250_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr250_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr250_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr250_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr258_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr258_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr258_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr258_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr530_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr530_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr550_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr550_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr570_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr570_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr590_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr590_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr630_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr630_v2_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr630_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr630_v3_firmware Affected: 0 , < 4.51 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr630_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr635_firmware Affected: 0 , < 2.81 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr635_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr645_firmware Affected: 0 , < 5.61 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr645_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr645_v3_firmware Affected: 0 , < 2.81 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr645_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr650_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr650_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr650_v2_firmware Affected: 0 , < 4.71 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr650_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr655_v3_firmware Affected: 0 , < 2.81 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr655_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr665_firmware Affected: 0 , < 5.61 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr665_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr665_v3_firmware Affected: 0 , < 5.61 (custom)
Affected: 0 , < 2.81 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr665_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr670_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr670_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr670_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr670_v2_firmware Affected: 0 , < 5.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr675_v3_firmware Affected: 0 , < 5.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr675_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr850_firmware Affected: 0 , < 6.36 (custom)
Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr850_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr850_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr850_v3_firmware Affected: 0 , < 1.20 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr850_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr850p_firmware Affected: 0 , < 6.36 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr850p_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr860_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr860_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr860_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr860_v3_firmware Affected: 0 , < 1.20 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr860_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_sr950_firmware Affected: 0 , < 3.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_sr950_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st250_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st250_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st250_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st258_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st258_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st258_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st258_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st550_firmware Affected: 0 , < 9.97 (custom)
    cpe:2.3:o:lenovo:thinksystem_st550_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st650_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st650_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st650_v3_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st650_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st658_v2_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st658_v2_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
lenovo thinksystem_st658_v3_firmware Affected: 0 , < 4.11 (custom)
    cpe:2.3:o:lenovo:thinksystem_st658_v3_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx5530_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7530_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx3331_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx_enclosure_certified_node_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx1021_edg_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx1021_edg_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx1320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx1320_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx1331_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx1321_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx1321_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx1520-r_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx1520-r_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx1521-r_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx1521-r_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx2320-e_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx2320-e_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx2321_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx2321_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx2330_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx2331_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx2720-e_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx2720-e_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3320_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3321_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3321_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3330_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3331",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3375_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.61",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3376_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.61",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3520-g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3520-g_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3521-g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3521-g_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3720_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3720_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx3721_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx3721_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx5520-c_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx5520-c_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx5521-c_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx5521-c_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx5531_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx5531_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7520_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7520_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7521_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7521_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7530_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7531_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7820_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7820_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_hx7821_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_hx7821_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx1020_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx1020_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx3330-f_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx3330-f_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx3330-h_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx3330-h_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx3331-f_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx3331-f_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx3331-h_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx3331-h_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx3530_f_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx3530_f_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx3530-h_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx3530-h_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_mx3531-f_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_mx3531-f_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx1320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx1320_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx2320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx2320_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx2330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx2330_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx3320_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx3320_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx3330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx3330_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx3520-g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx3520-g_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx3530-g_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx3530-g_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx3720_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx3720_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx5520_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx5520_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx5530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx5530_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx7320_n_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx7320_n_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx7330_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx7330_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx7520_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx7520_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx7520_n_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx7520_n_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx7530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx7530_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx7531_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx7531_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkagile_vx7820_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkagile_vx7820_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinkstation_p920_workstation_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinkstation_p920_workstation_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st250_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "1.12",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sd530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sd530_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sd630_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sd630_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sd650_dual_node_tray_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sd650_dual_node_tray_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.36",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sd650-n_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sd650-n_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sd650_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sd650_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sd665_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sd665_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_se350_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_se350_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sn550_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sn550_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.36",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sn550_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sn550_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sn850_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sn850_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "6.36",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr150_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr150_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr158_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr158_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr250_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr250_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr250_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr250_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr258_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr258_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr258_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr258_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr530_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr530_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr550_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr550_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr570_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr570_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr590_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr590_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr630_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr630_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr630_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr630_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr630_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.51",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr635_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr635_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "2.81",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr645_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr645_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.61",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr645_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr645_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "2.81",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr650_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr650_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr650_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr650_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.71",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr655_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr655_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "2.81",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr665_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr665_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.61",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr665_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr665_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.61",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.81",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr670_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr670_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr670_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr670_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr675_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr675_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "5.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr850_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr850_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "6.36",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr850_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr850_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr850_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr850p_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr850p_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "6.36",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr860_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr860_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr860_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr860_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr860_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_sr950_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_sr950_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "3.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st250_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st250_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st250_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st258_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st258_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st258_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st258_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st550_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st550_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "9.97",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st650_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st650_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st650_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st650_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st658_v2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st658_v2_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:lenovo:thinksystem_st658_v3_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thinksystem_st658_v3_firmware",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "4.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38509",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-27T17:20:51.281908Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-27T17:21:01.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:24.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-156781"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "XClarity Controller",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.\u003c/span\u003e"
            }
          ],
          "value": "A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-26T19:45:01.471Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-156781"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-156781\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-156781\u003c/a\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory:  https://support.lenovo.com/us/en/product_security/LEN-156781"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2024-38509",
    "datePublished": "2024-07-26T19:45:01.471Z",
    "dateReserved": "2024-06-18T14:42:40.470Z",
    "dateUpdated": "2024-08-02T04:12:24.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38410 (GCVE-0-2024-38410)

Vulnerability from cvelistv5 – Published: 2024-11-04 10:04 – Updated: 2024-11-16 04:55
VLAI
Title
Stack-based Buffer Overflow in WLAN Windows Host
Summary
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: FastConnect 6700
Affected: FastConnect 6900
Affected: FastConnect 7800
Affected: QCC2073
Affected: QCC2076
Affected: QCM5430
Affected: QCM6490
Affected: QCS5430
Affected: QCS6490
Affected: Qualcomm Video Collaboration VC3 Platform
Affected: SC8380XP
Affected: SDM429W
Affected: Snapdragon 429 Mobile Platform
Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)
Affected: WCD9370
Affected: WCD9375
Affected: WCD9380
Affected: WCD9385
Affected: WCN3620
Affected: WCN3660B
Affected: WSA8830
Affected: WSA8835
Affected: WSA8840
Affected: WSA8845
Affected: WSA8845H
Create a notification for this product.
qualcomm fastconnect_6700_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_6900_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm fastconnect_7800_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcc2073_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcc2073_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcc2076_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcc2076_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcm5430_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcm6490_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcs5430_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qcs6490_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm qualcomm_video_collaboration_vc3_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sc8380xp_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm sdm429w_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm snapdragon_429_mobile_platform_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9370_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9375_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9380_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcd9385_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3620_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wcn3660b_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8830_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8835_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8840_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8845_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
qualcomm wsa8845h_firmware Affected: 0 , ≤ * (custom)
    cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6700_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_6900_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fastconnect_7800_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcc2073_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcc2073_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcc2076_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcc2076_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcm5430_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcm6490_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcs5430_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qcs6490_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qualcomm_video_collaboration_vc3_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sc8380xp_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sdm429w_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snapdragon_429_mobile_platform_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9370_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9375_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9380_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcd9385_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3620_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wcn3660b_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8830_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8835_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8840_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8845_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wsa8845h_firmware",
            "vendor": "qualcomm",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38410",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-16T04:55:25.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Compute",
            "Snapdragon Connectivity",
            "Snapdragon Consumer Electronics Connectivity",
            "Snapdragon Industrial IOT",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FastConnect 6700"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "FastConnect 7800"
            },
            {
              "status": "affected",
              "version": "QCC2073"
            },
            {
              "status": "affected",
              "version": "QCC2076"
            },
            {
              "status": "affected",
              "version": "QCM5430"
            },
            {
              "status": "affected",
              "version": "QCM6490"
            },
            {
              "status": "affected",
              "version": "QCS5430"
            },
            {
              "status": "affected",
              "version": "QCS6490"
            },
            {
              "status": "affected",
              "version": "Qualcomm Video Collaboration VC3 Platform"
            },
            {
              "status": "affected",
              "version": "SC8380XP"
            },
            {
              "status": "affected",
              "version": "SDM429W"
            },
            {
              "status": "affected",
              "version": "Snapdragon 429 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCN3620"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            },
            {
              "status": "affected",
              "version": "WSA8840"
            },
            {
              "status": "affected",
              "version": "WSA8845"
            },
            {
              "status": "affected",
              "version": "WSA8845H"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T10:04:53.283Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html"
        }
      ],
      "title": "Stack-based Buffer Overflow in WLAN Windows Host"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2024-38410",
    "datePublished": "2024-11-04T10:04:53.283Z",
    "dateReserved": "2024-06-16T00:50:18.903Z",
    "dateUpdated": "2024-11-16T04:55:25.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.