CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2022-21678 (GCVE-0-2022-21678)
Vulnerability from cvelistv5 – Published: 2022-01-13 17:30 – Updated: 2025-04-23 19:13- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/security/a… | x_refsource_CONFIRM |
| https://github.com/discourse/discourse/commit/5e2… | x_refsource_MISC |
| https://github.com/discourse/discourse/commit/c0b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:12:20.672874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:13:09.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "\u003c 2.7.13"
},
{
"status": "affected",
"version": "\u003c 2.8.0.beta11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `\u003cmeta\u003e` tags on their users\u0027 pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-13T17:30:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c"
}
],
"source": {
"advisory": "GHSA-jwww-46gv-564m",
"discovery": "UNKNOWN"
},
"title": "User\u0027s bio visible even if profile is restricted in Discourse",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21678",
"STATE": "PUBLIC",
"TITLE": "User\u0027s bio visible even if profile is restricted in Discourse"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_value": "\u003c 2.7.13"
},
{
"version_value": "\u003c 2.8.0.beta11"
}
]
}
}
]
},
"vendor_name": "discourse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the `tests-passed` branch, version 2.8.0.beta11 in the `beta` branch, and version 2.7.13 in the `stable` branch, the bios of users who made their profiles private were still visible in the `\u003cmeta\u003e` tags on their users\u0027 pages. The problem is patched in `tests-passed` version 2.8.0.beta11, `beta` version 2.8.0.beta11, and `stable` version 2.7.13 of Discourse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m",
"refsource": "CONFIRM",
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-jwww-46gv-564m"
},
{
"name": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de",
"refsource": "MISC",
"url": "https://github.com/discourse/discourse/commit/5e2e178fcfb490c37b9f8bb9f737185441b1d6de"
},
{
"name": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c",
"refsource": "MISC",
"url": "https://github.com/discourse/discourse/commit/c0bb775f3f35b1b0d04a5b2a984f57c3e39f9e6c"
}
]
},
"source": {
"advisory": "GHSA-jwww-46gv-564m",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21678",
"datePublished": "2022-01-13T17:30:12.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:13:09.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21683 (GCVE-0-2022-21683)
Vulnerability from cvelistv5 – Published: 2022-01-18 17:30 – Updated: 2025-04-23 19:11- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://github.com/wagtail/wagtail/security/advis… | x_refsource_CONFIRM |
| https://github.com/wagtail/wagtail/commit/5fe901e… | x_refsource_MISC |
| https://github.com/wagtail/wagtail/releases/tag/v2.15.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xqxm-2rpm-3889"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/commit/5fe901e5d86ed02dbbb63039a897582951266afd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wagtail/wagtail/releases/tag/v2.15.2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:12:09.856850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:11:16.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wagtail",
"vendor": "wagtail",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.13, \u003c 2.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not have editing access to, as long as they have left a comment or reply somewhere on the site. A patched version has been released as Wagtail 2.15.2, which restores the intended behaviour - to send notifications for new replies to the participants in the active thread only (editing permissions are not considered). New comments can be disabled by setting `WAGTAILADMIN_COMMENTS_ENABLED = False` in the Django settings file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T17:30:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xqxm-2rpm-3889"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/commit/5fe901e5d86ed02dbbb63039a897582951266afd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wagtail/wagtail/releases/tag/v2.15.2"
}
],
"source": {
"advisory": "GHSA-xqxm-2rpm-3889",
"discovery": "UNKNOWN"
},
"title": "Comment reply notifications sent to incorrect users in wagtail",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21683",
"STATE": "PUBLIC",
"TITLE": "Comment reply notifications sent to incorrect users in wagtail"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wagtail",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.13, \u003c 2.15.2"
}
]
}
}
]
},
"vendor_name": "wagtail"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not have editing access to, as long as they have left a comment or reply somewhere on the site. A patched version has been released as Wagtail 2.15.2, which restores the intended behaviour - to send notifications for new replies to the participants in the active thread only (editing permissions are not considered). New comments can be disabled by setting `WAGTAILADMIN_COMMENTS_ENABLED = False` in the Django settings file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xqxm-2rpm-3889",
"refsource": "CONFIRM",
"url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-xqxm-2rpm-3889"
},
{
"name": "https://github.com/wagtail/wagtail/commit/5fe901e5d86ed02dbbb63039a897582951266afd",
"refsource": "MISC",
"url": "https://github.com/wagtail/wagtail/commit/5fe901e5d86ed02dbbb63039a897582951266afd"
},
{
"name": "https://github.com/wagtail/wagtail/releases/tag/v2.15.2",
"refsource": "MISC",
"url": "https://github.com/wagtail/wagtail/releases/tag/v2.15.2"
}
]
},
"source": {
"advisory": "GHSA-xqxm-2rpm-3889",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21683",
"datePublished": "2022-01-18T17:30:13.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:11:16.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21712 (GCVE-0-2022-21712)
Vulnerability from cvelistv5 – Published: 2022-02-07 00:00 – Updated: 2025-04-23 19:07- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://github.com/twisted/twisted/security/advis… | x_refsource_CONFIRM |
| https://github.com/twisted/twisted/commit/af8fe78… | x_refsource_MISC |
| https://github.com/twisted/twisted/releases/tag/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:34.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/twisted/twisted/releases/tag/twisted-22.1.0"
},
{
"name": "[debian-lts-announce] 20220219 [SECURITY] [DLA 2927-1] twisted security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00021.html"
},
{
"name": "FEDORA-2022-71b66d4747",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/"
},
{
"name": "FEDORA-2022-9a489fa494",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/"
},
{
"name": "GLSA-202301-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202301-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:57:40.600666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:07:10.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "twisted",
"vendor": "twisted",
"versions": [
{
"status": "affected",
"version": "\u003e= 11.1.0, \u003c 22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T22:49:07.500Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx"
},
{
"name": "https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2"
},
{
"name": "https://github.com/twisted/twisted/releases/tag/twisted-22.1.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twisted/twisted/releases/tag/twisted-22.1.0"
}
],
"source": {
"advisory": "GHSA-92x2-jw7w-xvvx",
"discovery": "UNKNOWN"
},
"title": "Cookie and header exposure in twisted"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21712",
"datePublished": "2022-02-07T00:00:00.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:07:10.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22075 (GCVE-0-2022-22075)
Vulnerability from cvelistv5 – Published: 2023-03-07 04:43 – Updated: 2024-08-03 03:00- CWE-200 - Information Exposure
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
APQ8009
Affected: APQ8009W Affected: APQ8017 Affected: APQ8052 Affected: APQ8056 Affected: APQ8064AU Affected: APQ8076 Affected: APQ8096AU Affected: AQT1000 Affected: AR8031 Affected: AR8035 Affected: CSRA6620 Affected: CSRA6640 Affected: MDM9150 Affected: MDM9206 Affected: MDM9250 Affected: MDM9607 Affected: MDM9628 Affected: MDM9650 Affected: MSM8108 Affected: MSM8208 Affected: MSM8209 Affected: MSM8608 Affected: MSM8909W Affected: MSM8917 Affected: MSM8952 Affected: MSM8956 Affected: MSM8976 Affected: MSM8976SG Affected: MSM8996AU Affected: QAM8295P Affected: QCA6174A Affected: QCA6310 Affected: QCA6320 Affected: QCA6335 Affected: QCA6390 Affected: QCA6391 Affected: QCA6420 Affected: QCA6426 Affected: QCA6430 Affected: QCA6436 Affected: QCA6564 Affected: QCA6564A Affected: QCA6564AU Affected: QCA6574 Affected: QCA6574A Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595AU Affected: QCA6696 Affected: QCA8081 Affected: QCA8337 Affected: QCA9367 Affected: QCA9377 Affected: QCC5100 Affected: QCM2290 Affected: QCM4290 Affected: QCM6125 Affected: QCM6490 Affected: QCN7606 Affected: QCN9074 Affected: QCS2290 Affected: QCS405 Affected: QCS410 Affected: QCS4290 Affected: QCS605 Affected: QCS610 Affected: QCS6125 Affected: QCS6490 Affected: QCS8155 Affected: QCX315 Affected: QRB5165 Affected: QRB5165N Affected: QSM8250 Affected: Qualcomm215 Affected: SA4150P Affected: SA4155P Affected: SA515M Affected: SA6145P Affected: SA6150P Affected: SA6155 Affected: SA6155P Affected: SA8145P Affected: SA8150P Affected: SA8155 Affected: SA8155P Affected: SA8195P Affected: SA8295P Affected: SD 636 Affected: SD 675 Affected: SD 8 Gen1 5G Affected: SD205 Affected: SD210 Affected: SD429 Affected: SD439 Affected: SD460 Affected: SD480 Affected: SD625 Affected: SD626 Affected: SD632 Affected: SD660 Affected: SD662 Affected: SD665 Affected: SD670 Affected: SD675 Affected: SD678 Affected: SD680 Affected: SD690 5G Affected: SD695 Affected: SD710 Affected: SD720G Affected: SD730 Affected: SD750G Affected: SD765 Affected: SD765G Affected: SD768G Affected: SD778G Affected: SD780G Affected: SD820 Affected: SD821 Affected: SD835 Affected: SD845 Affected: SD855 Affected: SD865 5G Affected: SD870 Affected: SD888 Affected: SD888 5G Affected: SDA429W Affected: SDM429W Affected: SDM630 Affected: SDW2500 Affected: SDX20 Affected: SDX20M Affected: SDX24 Affected: SDX50M Affected: SDX55 Affected: SDX55M Affected: SDX65 Affected: SDXR1 Affected: SDXR2 5G Affected: SM4125 Affected: SM6250 Affected: SM7250P Affected: SM7315 Affected: SM7325P Affected: Snapdragon 4 Gen 1 Affected: SW5100 Affected: SW5100P Affected: SXR2150P Affected: WCD9326 Affected: WCD9330 Affected: WCD9335 Affected: WCD9340 Affected: WCD9341 Affected: WCD9370 Affected: WCD9375 Affected: WCD9380 Affected: WCD9385 Affected: WCN3610 Affected: WCN3615 Affected: WCN3620 Affected: WCN3660B Affected: WCN3680 Affected: WCN3680B Affected: WCN3910 Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN3990 Affected: WCN3991 Affected: WCN3998 Affected: WCN6740 Affected: WCN6750 Affected: WCN6850 Affected: WCN6851 Affected: WCN6855 Affected: WCN6856 Affected: WCN7850 Affected: WCN7851 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8835 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T21:10:47.239809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T21:10:53.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:55.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon Mobile",
"Snapdragon Voice \u0026 Music",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009"
},
{
"status": "affected",
"version": "APQ8009W"
},
{
"status": "affected",
"version": "APQ8017"
},
{
"status": "affected",
"version": "APQ8052"
},
{
"status": "affected",
"version": "APQ8056"
},
{
"status": "affected",
"version": "APQ8064AU"
},
{
"status": "affected",
"version": "APQ8076"
},
{
"status": "affected",
"version": "APQ8096AU"
},
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "AR8031"
},
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "CSRA6620"
},
{
"status": "affected",
"version": "CSRA6640"
},
{
"status": "affected",
"version": "MDM9150"
},
{
"status": "affected",
"version": "MDM9206"
},
{
"status": "affected",
"version": "MDM9250"
},
{
"status": "affected",
"version": "MDM9607"
},
{
"status": "affected",
"version": "MDM9628"
},
{
"status": "affected",
"version": "MDM9650"
},
{
"status": "affected",
"version": "MSM8108"
},
{
"status": "affected",
"version": "MSM8208"
},
{
"status": "affected",
"version": "MSM8209"
},
{
"status": "affected",
"version": "MSM8608"
},
{
"status": "affected",
"version": "MSM8909W"
},
{
"status": "affected",
"version": "MSM8917"
},
{
"status": "affected",
"version": "MSM8952"
},
{
"status": "affected",
"version": "MSM8956"
},
{
"status": "affected",
"version": "MSM8976"
},
{
"status": "affected",
"version": "MSM8976SG"
},
{
"status": "affected",
"version": "MSM8996AU"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6310"
},
{
"status": "affected",
"version": "QCA6320"
},
{
"status": "affected",
"version": "QCA6335"
},
{
"status": "affected",
"version": "QCA6390"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6564"
},
{
"status": "affected",
"version": "QCA6564A"
},
{
"status": "affected",
"version": "QCA6564AU"
},
{
"status": "affected",
"version": "QCA6574"
},
{
"status": "affected",
"version": "QCA6574A"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA9367"
},
{
"status": "affected",
"version": "QCA9377"
},
{
"status": "affected",
"version": "QCC5100"
},
{
"status": "affected",
"version": "QCM2290"
},
{
"status": "affected",
"version": "QCM4290"
},
{
"status": "affected",
"version": "QCM6125"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCN7606"
},
{
"status": "affected",
"version": "QCN9074"
},
{
"status": "affected",
"version": "QCS2290"
},
{
"status": "affected",
"version": "QCS405"
},
{
"status": "affected",
"version": "QCS410"
},
{
"status": "affected",
"version": "QCS4290"
},
{
"status": "affected",
"version": "QCS605"
},
{
"status": "affected",
"version": "QCS610"
},
{
"status": "affected",
"version": "QCS6125"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "QCS8155"
},
{
"status": "affected",
"version": "QCX315"
},
{
"status": "affected",
"version": "QRB5165"
},
{
"status": "affected",
"version": "QRB5165N"
},
{
"status": "affected",
"version": "QSM8250"
},
{
"status": "affected",
"version": "Qualcomm215"
},
{
"status": "affected",
"version": "SA4150P"
},
{
"status": "affected",
"version": "SA4155P"
},
{
"status": "affected",
"version": "SA515M"
},
{
"status": "affected",
"version": "SA6145P"
},
{
"status": "affected",
"version": "SA6150P"
},
{
"status": "affected",
"version": "SA6155"
},
{
"status": "affected",
"version": "SA6155P"
},
{
"status": "affected",
"version": "SA8145P"
},
{
"status": "affected",
"version": "SA8150P"
},
{
"status": "affected",
"version": "SA8155"
},
{
"status": "affected",
"version": "SA8155P"
},
{
"status": "affected",
"version": "SA8195P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SD 636"
},
{
"status": "affected",
"version": "SD 675"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD205"
},
{
"status": "affected",
"version": "SD210"
},
{
"status": "affected",
"version": "SD429"
},
{
"status": "affected",
"version": "SD439"
},
{
"status": "affected",
"version": "SD460"
},
{
"status": "affected",
"version": "SD480"
},
{
"status": "affected",
"version": "SD625"
},
{
"status": "affected",
"version": "SD626"
},
{
"status": "affected",
"version": "SD632"
},
{
"status": "affected",
"version": "SD660"
},
{
"status": "affected",
"version": "SD662"
},
{
"status": "affected",
"version": "SD665"
},
{
"status": "affected",
"version": "SD670"
},
{
"status": "affected",
"version": "SD675"
},
{
"status": "affected",
"version": "SD678"
},
{
"status": "affected",
"version": "SD680"
},
{
"status": "affected",
"version": "SD690 5G"
},
{
"status": "affected",
"version": "SD695"
},
{
"status": "affected",
"version": "SD710"
},
{
"status": "affected",
"version": "SD720G"
},
{
"status": "affected",
"version": "SD730"
},
{
"status": "affected",
"version": "SD750G"
},
{
"status": "affected",
"version": "SD765"
},
{
"status": "affected",
"version": "SD765G"
},
{
"status": "affected",
"version": "SD768G"
},
{
"status": "affected",
"version": "SD778G"
},
{
"status": "affected",
"version": "SD780G"
},
{
"status": "affected",
"version": "SD820"
},
{
"status": "affected",
"version": "SD821"
},
{
"status": "affected",
"version": "SD835"
},
{
"status": "affected",
"version": "SD845"
},
{
"status": "affected",
"version": "SD855"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SD870"
},
{
"status": "affected",
"version": "SD888"
},
{
"status": "affected",
"version": "SD888 5G"
},
{
"status": "affected",
"version": "SDA429W"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDM630"
},
{
"status": "affected",
"version": "SDW2500"
},
{
"status": "affected",
"version": "SDX20"
},
{
"status": "affected",
"version": "SDX20M"
},
{
"status": "affected",
"version": "SDX24"
},
{
"status": "affected",
"version": "SDX50M"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX55M"
},
{
"status": "affected",
"version": "SDX65"
},
{
"status": "affected",
"version": "SDXR1"
},
{
"status": "affected",
"version": "SDXR2 5G"
},
{
"status": "affected",
"version": "SM4125"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "SM7250P"
},
{
"status": "affected",
"version": "SM7315"
},
{
"status": "affected",
"version": "SM7325P"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 1"
},
{
"status": "affected",
"version": "SW5100"
},
{
"status": "affected",
"version": "SW5100P"
},
{
"status": "affected",
"version": "SXR2150P"
},
{
"status": "affected",
"version": "WCD9326"
},
{
"status": "affected",
"version": "WCD9330"
},
{
"status": "affected",
"version": "WCD9335"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3610"
},
{
"status": "affected",
"version": "WCN3615"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3910"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN3990"
},
{
"status": "affected",
"version": "WCN3991"
},
{
"status": "affected",
"version": "WCN3998"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6750"
},
{
"status": "affected",
"version": "WCN6850"
},
{
"status": "affected",
"version": "WCN6851"
},
{
"status": "affected",
"version": "WCN6855"
},
{
"status": "affected",
"version": "WCN6856"
},
{
"status": "affected",
"version": "WCN7850"
},
{
"status": "affected",
"version": "WCN7851"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure in Graphics during GPU context switch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:30:03.441Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
}
],
"title": "Information Exposure in Graphics"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2022-22075",
"datePublished": "2023-03-07T04:43:13.349Z",
"dateReserved": "2021-12-21T09:16:35.470Z",
"dateUpdated": "2024-08-03T03:00:55.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22183 (GCVE-0-2022-22183)
Vulnerability from cvelistv5 – Published: 2022-04-14 15:50 – Updated: 2024-09-16 20:13| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA69516 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
20.4 , < 20.4R3-S2-EVO
(custom)
Affected: 21.1 , < 21.1R3-S1-EVO (custom) Affected: 21.2 , < 21.2R3-EVO (custom) Affected: 21.3 , < 21.3R2-EVO (custom) Affected: 21.4 , < 21.4R2-EVO (custom) |
|
| Juniper Networks | Junos OS |
Unaffected:
Any
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "20.4R3-S2-EVO",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R3-S1-EVO",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R3-EVO",
"status": "affected",
"version": "21.2",
"versionType": "custom"
},
{
"lessThan": "21.3R2-EVO",
"status": "affected",
"version": "21.3",
"versionType": "custom"
},
{
"lessThan": "21.4R2-EVO",
"status": "affected",
"version": "21.4",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "Any"
}
]
}
],
"datePublic": "2022-04-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-16",
"description": "CWE-16 Configuration",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T15:50:40.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69516"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S2-EVO, 21.1R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69516",
"defect": [
"1636338"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine traffic to a device on a specific IPv4 port.",
"workarounds": [
{
"lang": "en",
"value": "There are no available workarounds for this issue.\n\nTo reduce the risk of exploitation customers may enable loopback firewall filters on the device to drop unnecessary connections and traffic from untrusted networks and devices."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-04-13T16:00:00.000Z",
"ID": "CVE-2022-22183",
"STATE": "PUBLIC",
"TITLE": "Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine traffic to a device on a specific IPv4 port."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS Evolved",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3-S2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R3-S1-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R3-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.3",
"version_value": "21.3R2-EVO"
},
{
"version_affected": "\u003c",
"version_name": "21.4",
"version_value": "21.4R2-EVO"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "!",
"version_value": "Any"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-16 Configuration"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69516",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69516"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 20.4R3-S2-EVO, 21.1R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R2-EVO, 22.1R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69516",
"defect": [
"1636338"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no available workarounds for this issue.\n\nTo reduce the risk of exploitation customers may enable loopback firewall filters on the device to drop unnecessary connections and traffic from untrusted networks and devices."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22183",
"datePublished": "2022-04-14T15:50:40.506Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:13:18.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2221 (GCVE-0-2022-2221)
Vulnerability from cvelistv5 – Published: 2022-06-27 18:38 – Updated: 2024-08-03 00:32- CWE-200 - Information Exposure
| URL | Tags |
|---|---|
| https://devolutions.net/security/advisories/DEVO-… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Devolutions | Remote Desktop Manager |
Affected:
2022.1.8 , < 2022.1.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://devolutions.net/security/advisories/DEVO-2022-0004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Remote Desktop Manager",
"vendor": "Devolutions",
"versions": [
{
"lessThan": "2022.1.8",
"status": "affected",
"version": "2022.1.8",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T18:38:57.000Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://devolutions.net/security/advisories/DEVO-2022-0004"
}
],
"source": {
"advisory": "DEVO-2022-0004",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@devolutions.net",
"ID": "CVE-2022-2221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Remote Desktop Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2022.1.8",
"version_value": "2022.1.8"
}
]
}
}
]
},
"vendor_name": "Devolutions"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://devolutions.net/security/advisories/DEVO-2022-0004",
"refsource": "MISC",
"url": "https://devolutions.net/security/advisories/DEVO-2022-0004"
}
]
},
"source": {
"advisory": "DEVO-2022-0004",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2022-2221",
"datePublished": "2022-06-27T18:38:57.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:08.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22216 (GCVE-0-2022-22216)
Vulnerability from cvelistv5 – Published: 2022-07-20 14:15 – Updated: 2024-09-16 18:24- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA69720 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.4R3-S11
(custom)
Affected: 19.1 , < 19.1R2-S3, 19.1R3-S7 (custom) Affected: 19.2 , < 19.2R1-S8, 19.2R3-S4 (custom) Affected: 19.3 , < 19.3R3-S4 (custom) Affected: 19.4 , < 19.4R2-S5, 19.4R3-S6 (custom) Affected: 20.1 , < 20.1R3-S2 (custom) Affected: 20.2 , < 20.2R3-S3 (custom) Affected: 20.3 , < 20.3R3-S2 (custom) Affected: 20.4 , < 20.4R3-S4 (custom) Affected: 21.1 , < 21.1R2-S1, 21.1R3 (custom) Affected: 21.2 , < 21.2R1-S1, 21.2R2 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
unspecified , < 18.3R3-S6
(custom)
Affected: 18.4 , < 18.4R2-S9, 18.4R3-S10 (custom) Affected: 19.1 , < 19.1R2-S3, 19.1R3-S7 (custom) Affected: 19.2 , < 19.2R1-S8, 19.2R3-S4 (custom) Affected: 19.3 , < 19.3R3-S4 (custom) Affected: 19.4 , < 19.4R2-S6, 19.4R3-S6 (custom) Affected: 20.1 , < 20.1R3-S2 (custom) Affected: 20.2 , < 20.2R3-S3 (custom) Affected: 20.3 , < 20.3R3-S1 (custom) Affected: 20.4 , < 20.4R3-S1 (custom) Affected: 21.1 , < 21.1R2-S1, 21.1R3 (custom) Affected: 21.2 , < 21.2R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA69720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"PTX1000, PTX10000 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.4R3-S11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S4",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S5, 19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S2",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S4",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-S1, 21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R1-S1, 21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
},
{
"platforms": [
"QFX10000 Series, PTX5000 Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "18.3R3-S6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S9, 18.4R3-S10",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S3, 19.1R3-S7",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S8, 19.2R3-S4",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3-S4",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R2-S6, 19.4R3-S6",
"status": "affected",
"version": "19.4",
"versionType": "custom"
},
{
"lessThan": "20.1R3-S2",
"status": "affected",
"version": "20.1",
"versionType": "custom"
},
{
"lessThan": "20.2R3-S3",
"status": "affected",
"version": "20.2",
"versionType": "custom"
},
{
"lessThan": "20.3R3-S1",
"status": "affected",
"version": "20.3",
"versionType": "custom"
},
{
"lessThan": "20.4R3-S1",
"status": "affected",
"version": "20.4",
"versionType": "custom"
},
{
"lessThan": "21.1R2-S1, 21.1R3",
"status": "affected",
"version": "21.1",
"versionType": "custom"
},
{
"lessThan": "21.2R2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027 and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T14:15:41.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA69720"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue for Junos OS on PTX1000 and PTX10000 Series: 18.4R3-S11, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R2-S1, 21.1R3, 21.2R1-S1, 21.2R2, 21.2R3, 21.3R1, and all subsequent releases.\n\nThe following software releases have been updated to resolve this specific issue for Junos OS on QFX10000 Series and PTX5000 Series: 18.3R3-S6 ,18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S6, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3-S1, 21.1R2-S1, 21.1R3, 21.2R2, 21.2R3, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69720",
"defect": [
"1603656",
"1609376"
],
"discovery": "USER"
},
"title": "Junos OS: PTX Series and QFX10000 Series: \u0027Etherleak\u0027 memory disclosure in Ethernet padding data",
"workarounds": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2022-07-13T07:00:00.000Z",
"ID": "CVE-2022-22216",
"STATE": "PUBLIC",
"TITLE": "Junos OS: PTX Series and QFX10000 Series: \u0027Etherleak\u0027 memory disclosure in Ethernet padding data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_value": "18.4R3-S11"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S5, 19.4R3-S6"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S2"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3-S4"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-S1, 21.1R3"
},
{
"platform": "PTX1000, PTX10000 Series",
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R1-S1, 21.2R2"
}
]
}
},
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_value": "18.3R3-S6"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S9, 18.4R3-S10"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S3, 19.1R3-S7"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S8, 19.2R3-S4"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3-S4"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R2-S6, 19.4R3-S6"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "20.1",
"version_value": "20.1R3-S2"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "20.2",
"version_value": "20.2R3-S3"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "20.3",
"version_value": "20.3R3-S1"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "20.4",
"version_value": "20.4R3-S1"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "21.1",
"version_value": "21.1R2-S1, 21.1R3"
},
{
"platform": "QFX10000 Series, PTX5000 Series",
"version_affected": "\u003c",
"version_name": "21.2",
"version_value": "21.2R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 Series, and QFX10000 Series and PTX5000 Series devices sometimes do not reliably pad Ethernet packets, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as \u0027Etherleak\u0027 and often detected as CVE-2003-0001. This issue affects: Juniper Networks Junos OS on PTX1000 and PTX10000 Series: All versions prior to 18.4R3-S11; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. Juniper Networks Junos OS on QFX10000 Series and PTX5000 Series: All versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA69720",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA69720"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue for Junos OS on PTX1000 and PTX10000 Series: 18.4R3-S11, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S5, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R2-S1, 21.1R3, 21.2R1-S1, 21.2R2, 21.2R3, 21.3R1, and all subsequent releases.\n\nThe following software releases have been updated to resolve this specific issue for Junos OS on QFX10000 Series and PTX5000 Series: 18.3R3-S6 ,18.4R2-S9, 18.4R3-S10, 19.1R2-S3, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.3R3-S4, 19.4R2-S6, 19.4R3-S6, 20.1R3-S2, 20.2R3-S3, 20.3R3-S1, 20.4R3-S1, 21.1R2-S1, 21.1R3, 21.2R2, 21.2R3, 21.3R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA69720",
"defect": [
"1603656",
"1609376"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no known workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2022-22216",
"datePublished": "2022-07-20T14:15:41.890Z",
"dateReserved": "2021-12-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:24:21.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22276 (GCVE-0-2022-22276)
Vulnerability from cvelistv5 – Published: 2022-04-27 16:25 – Updated: 2024-08-03 03:07- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| SonicWall | SonicOS |
Affected:
SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions.
Affected: SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions. Affected: SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions. Affected: SonicOS Gen 7 NSsp-Series 7.0.1-5030-R780 and earlier versions. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"status": "affected",
"version": "SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"status": "affected",
"version": "SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions."
},
{
"status": "affected",
"version": "SonicOS Gen 7 NSsp-Series 7.0.1-5030-R780 and earlier versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T16:25:15.000Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2022-22276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"version_value": "SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"version_value": "SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions."
},
{
"version_value": "SonicOS Gen 7 NSsp-Series 7.0.1-5030-R780 and earlier versions."
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2022-22276",
"datePublished": "2022-04-27T16:25:15.000Z",
"dateReserved": "2021-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:07:50.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22277 (GCVE-0-2022-22277)
Vulnerability from cvelistv5 – Published: 2022-04-27 16:25 – Updated: 2024-08-03 03:07- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| SonicWall | SonicOS |
Affected:
SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions.
Affected: SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions. Affected: SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions. Affected: SonicOS Gen 7 NSsp-Series 7.0.1-5030-R780 and earlier versions. Affected: SonicOS Gen 6 6.5.4.9-93n and earlier versions. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"status": "affected",
"version": "SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"status": "affected",
"version": "SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions."
},
{
"status": "affected",
"version": "SonicOS Gen 7 NSsp-Series 7.0.1-5030-R780 and earlier versions."
},
{
"status": "affected",
"version": "SonicOS Gen 6 6.5.4.9-93n and earlier versions."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T16:25:16.000Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2022-22277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicOS",
"version": {
"version_data": [
{
"version_value": "SonicOS Gen 7 TZ-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"version_value": "SonicOS Gen 7 NSa-Series 7.0.1-5030-R2007 and earlier versions."
},
{
"version_value": "SonicOS Gen 7 NSv-Series 7.0.1.0-5030-1391 and earlier versions."
},
{
"version_value": "SonicOS Gen 7 NSsp-Series 7.0.1-5030-R780 and earlier versions."
},
{
"version_value": "SonicOS Gen 6 6.5.4.9-93n and earlier versions."
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2022-22277",
"datePublished": "2022-04-27T16:25:16.000Z",
"dateReserved": "2021-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:07:50.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22337 (GCVE-0-2022-22337)
Vulnerability from cvelistv5 – Published: 2023-01-04 17:50 – Updated: 2025-04-10 13:50- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6852459 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Sterling B2B Integrator Standard Edition |
Affected:
6.0.0.0 , < 6.1.2.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6852459"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219507"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-22337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T13:49:55.591328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T13:50:10.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator Standard Edition",
"vendor": "IBM",
"versions": [
{
"lessThan": "6.1.2.1",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507."
}
],
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could disclose sensitive information to an authenticated user. IBM X-Force ID: 219507."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-04T17:50:06.533Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6852459"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/219507"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator Standard Edition information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22337",
"datePublished": "2023-01-04T17:50:06.533Z",
"dateReserved": "2022-01-03T22:29:20.918Z",
"dateUpdated": "2025-04-10T13:50:10.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-46
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-116: Excavation
An adversary actively probes the target in a manner that is designed to solicit information that could be leveraged for malicious purposes.
CAPEC-13: Subverting Environment Variable Values
The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.
CAPEC-169: Footprinting
An adversary engages in probing and exploration activities to identify constituents and properties of the target.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-224: Fingerprinting
An adversary compares output from a target system to known indicators that uniquely identify specific details about the target. Most commonly, fingerprinting is done to determine operating system and application versions. Fingerprinting can be done passively as well as actively. Fingerprinting by itself is not usually detrimental to the target. However, the information gathered through fingerprinting often enables an adversary to discover existing weaknesses in the target.
CAPEC-285: ICMP Echo Request Ping
An adversary sends out an ICMP Type 8 Echo Request, commonly known as a 'Ping', in order to determine if a target system is responsive. If the request is not blocked by a firewall or ACL, the target host will respond with an ICMP Type 0 Echo Reply datagram. This type of exchange is usually referred to as a 'Ping' due to the Ping utility present in almost all operating systems. Ping, as commonly implemented, allows a user to test for alive hosts, measure round-trip time, and measure the percentage of packet loss.
CAPEC-287: TCP SYN Scan
An adversary uses a SYN scan to determine the status of ports on the remote target. SYN scanning is the most common type of port scanning that is used because of its many advantages and few drawbacks. As a result, novice attackers tend to overly rely on the SYN scan while performing system reconnaissance. As a scanning method, the primary advantages of SYN scanning are its universality and speed.
CAPEC-290: Enumerate Mail Exchange (MX) Records
An adversary enumerates the MX records for a given via a DNS query. This type of information gathering returns the names of mail servers on the network. Mail servers are often not exposed to the Internet but are located within the DMZ of a network protected by a firewall. A side effect of this configuration is that enumerating the MX records for an organization my reveal the IP address of the firewall or possibly other internal systems. Attackers often resort to MX record enumeration when a DNS Zone Transfer is not possible.
CAPEC-291: DNS Zone Transfers
An attacker exploits a DNS misconfiguration that permits a ZONE transfer. Some external DNS servers will return a list of IP address and valid hostnames. Under certain conditions, it may even be possible to obtain Zone data about the organization's internal network. When successful the attacker learns valuable information about the topology of the target organization, including information about particular servers, their role within the IT structure, and possibly information about the operating systems running upon the network. This is configuration dependent behavior so it may also be required to search out multiple DNS servers while attempting to find one with ZONE transfers allowed.
CAPEC-292: Host Discovery
An adversary sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. The adversary usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the adversary can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep,' where a particular kind of ping is sent to a range of IP addresses.
CAPEC-293: Traceroute Route Enumeration
An adversary uses a traceroute utility to map out the route which data flows through the network in route to a target destination. Tracerouting can allow the adversary to construct a working topology of systems and routers by listing the systems through which data passes through on their way to the targeted machine. This attack can return varied results depending upon the type of traceroute that is performed. Traceroute works by sending packets to a target while incrementing the Time-to-Live field in the packet header. As the packet traverses each hop along its way to the destination, its TTL expires generating an ICMP diagnostic message that identifies where the packet expired. Traditional techniques for tracerouting involved the use of ICMP and UDP, but as more firewalls began to filter ingress ICMP, methods of traceroute using TCP were developed.
CAPEC-294: ICMP Address Mask Request
An adversary sends an ICMP Type 17 Address Mask Request to gather information about a target's networking configuration. ICMP Address Mask Requests are defined by RFC-950, "Internet Standard Subnetting Procedure." An Address Mask Request is an ICMP type 17 message that triggers a remote system to respond with a list of its related subnets, as well as its default gateway and broadcast address via an ICMP type 18 Address Mask Reply datagram. Gathering this type of information helps the adversary plan router-based attacks as well as denial-of-service attacks against the broadcast address.
CAPEC-295: Timestamp Request
This pattern of attack leverages standard requests to learn the exact time associated with a target system. An adversary may be able to use the timestamp returned from the target to attack time-based security algorithms, such as random number generators, or time-based authentication mechanisms.
CAPEC-296: ICMP Information Request
An adversary sends an ICMP Information Request to a host to determine if it will respond to this deprecated mechanism. ICMP Information Requests are a deprecated message type. Information Requests were originally used for diskless machines to automatically obtain their network configuration, but this message type has been superseded by more robust protocol implementations like DHCP.
CAPEC-297: TCP ACK Ping
An adversary sends a TCP segment with the ACK flag set to a remote host for the purpose of determining if the host is alive. This is one of several TCP 'ping' types. The RFC 793 expected behavior for a service is to respond with a RST 'reset' packet to any unsolicited ACK segment that is not part of an existing connection. So by sending an ACK segment to a port, the adversary can identify that the host is alive by looking for a RST packet. Typically, a remote server will respond with a RST regardless of whether a port is open or closed. In this way, TCP ACK pings cannot discover the state of a remote port because the behavior is the same in either case. The firewall will look up the ACK packet in its state-table and discard the segment because it does not correspond to any active connection. A TCP ACK Ping can be used to discover if a host is alive via RST response packets sent from the host.
CAPEC-298: UDP Ping
An adversary sends a UDP datagram to the remote host to determine if the host is alive. If a UDP datagram is sent to an open UDP port there is very often no response, so a typical strategy for using a UDP ping is to send the datagram to a random high port on the target. The goal is to solicit an 'ICMP port unreachable' message from the target, indicating that the host is alive. UDP pings are useful because some firewalls are not configured to block UDP datagrams sent to strange or typically unused ports, like ports in the 65K range. Additionally, while some firewalls may filter incoming ICMP, weaknesses in firewall rule-sets may allow certain types of ICMP (host unreachable, port unreachable) which are useful for UDP ping attempts.
CAPEC-299: TCP SYN Ping
An adversary uses TCP SYN packets as a means towards host discovery. Typical RFC 793 behavior specifies that when a TCP port is open, a host must respond to an incoming SYN "synchronize" packet by completing stage two of the 'three-way handshake' - by sending an SYN/ACK in response. When a port is closed, RFC 793 behavior is to respond with a RST "reset" packet. This behavior can be used to 'ping' a target to see if it is alive by sending a TCP SYN packet to a port and then looking for a RST or an ACK packet in response.
CAPEC-300: Port Scanning
An adversary uses a combination of techniques to determine the state of the ports on a remote target. Any service or application available for TCP or UDP networking will have a port open for communications over the network.
CAPEC-301: TCP Connect Scan
An adversary uses full TCP connection attempts to determine if a port is open on the target system. The scanning process involves completing a 'three-way handshake' with a remote port, and reports the port as closed if the full handshake cannot be established. An advantage of TCP connect scanning is that it works against any TCP/IP stack.
CAPEC-302: TCP FIN Scan
An adversary uses a TCP FIN scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the FIN bit set in the packet header. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow the adversary to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets.
CAPEC-303: TCP Xmas Scan
An adversary uses a TCP XMAS scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with all possible flags set in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets.
CAPEC-304: TCP Null Scan
An adversary uses a TCP NULL scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with no flags in the packet header, generating packets that are illegal based on RFC 793. The RFC 793 expected behavior is that any TCP segment with an out-of-state Flag sent to an open port is discarded, whereas segments with out-of-state flags sent to closed ports should be handled with a RST in response. This behavior should allow an attacker to scan for closed ports by sending certain types of rule-breaking packets (out of sync or disallowed by the TCB) and detect closed ports via RST packets.
CAPEC-305: TCP ACK Scan
An adversary uses TCP ACK segments to gather information about firewall or ACL configuration. The purpose of this type of scan is to discover information about filter configurations rather than port state. This type of scanning is rarely useful alone, but when combined with SYN scanning, gives a more complete picture of the type of firewall rules that are present.
CAPEC-306: TCP Window Scan
An adversary engages in TCP Window scanning to analyze port status and operating system type. TCP Window scanning uses the ACK scanning method but examine the TCP Window Size field of response RST packets to make certain inferences. While TCP Window Scans are fast and relatively stealthy, they work against fewer TCP stack implementations than any other type of scan. Some operating systems return a positive TCP window size when a RST packet is sent from an open port, and a negative value when the RST originates from a closed port. TCP Window scanning is one of the most complex scan types, and its results are difficult to interpret. Window scanning alone rarely yields useful information, but when combined with other types of scanning is more useful. It is a generally more reliable means of making inference about operating system versions than port status.
CAPEC-307: TCP RPC Scan
An adversary scans for RPC services listing on a Unix/Linux host.
CAPEC-308: UDP Scan
An adversary engages in UDP scanning to gather information about UDP port status on the target system. UDP scanning methods involve sending a UDP datagram to the target port and looking for evidence that the port is closed. Open UDP ports usually do not respond to UDP datagrams as there is no stateful mechanism within the protocol that requires building or establishing a session. Responses to UDP datagrams are therefore application specific and cannot be relied upon as a method of detecting an open port. UDP scanning relies heavily upon ICMP diagnostic messages in order to determine the status of a remote port.
CAPEC-309: Network Topology Mapping
An adversary engages in scanning activities to map network nodes, hosts, devices, and routes. Adversaries usually perform this type of network reconnaissance during the early stages of attack against an external network. Many types of scanning utilities are typically employed, including ICMP tools, network mappers, port scanners, and route testing utilities such as traceroute.
CAPEC-310: Scanning for Vulnerable Software
An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or exploitable network configurations, such as improperly firewalled systems, or misconfigured systems in the DMZ or external network, provide windows of opportunity for an attacker. Common types of vulnerable software include unpatched operating systems or services (e.g FTP, Telnet, SMTP, SNMP) running on open ports that the attacker has identified. Attackers usually begin probing for vulnerable software once the external network has been port scanned and potential targets have been revealed.
CAPEC-312: Active OS Fingerprinting
An adversary engages in activity to detect the operating system or firmware version of a remote target by interrogating a device, server, or platform with a probe designed to solicit behavior that will reveal information about the operating systems or firmware in the environment. Operating System detection is possible because implementations of common protocols (Such as IP or TCP) differ in distinct ways. While the implementation differences are not sufficient to 'break' compatibility with the protocol the differences are detectable because the target will respond in unique ways to specific probing activity that breaks the semantic or logical rules of packet construction for a protocol. Different operating systems will have a unique response to the anomalous input, providing the basis to fingerprint the OS behavior. This type of OS fingerprinting can distinguish between operating system types and versions.
CAPEC-313: Passive OS Fingerprinting
An adversary engages in activity to detect the version or type of OS software in a an environment by passively monitoring communication between devices, nodes, or applications. Passive techniques for operating system detection send no actual probes to a target, but monitor network or client-server communication between nodes in order to identify operating systems based on observed behavior as compared to a database of known signatures or values. While passive OS fingerprinting is not usually as reliable as active methods, it is generally better able to evade detection.
CAPEC-317: IP ID Sequencing Probe
This OS fingerprinting probe analyzes the IP 'ID' field sequence number generation algorithm of a remote host. Operating systems generate IP 'ID' numbers differently, allowing an attacker to identify the operating system of the host by examining how is assigns ID numbers when generating response packets. RFC 791 does not specify how ID numbers are chosen or their ranges, so ID sequence generation differs from implementation to implementation. There are two kinds of IP 'ID' sequence number analysis - IP 'ID' Sequencing: analyzing the IP 'ID' sequence generation algorithm for one protocol used by a host and Shared IP 'ID' Sequencing: analyzing the packet ordering via IP 'ID' values spanning multiple protocols, such as between ICMP and TCP.
CAPEC-318: IP 'ID' Echoed Byte-Order Probe
This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'ID' value from the probe packet. An attacker sends a UDP datagram with an arbitrary IP 'ID' value to a closed port on the remote host to observe the manner in which this bit is echoed back in the ICMP error message. The identification field (ID) is typically utilized for reassembling a fragmented packet. Some operating systems or router firmware reverse the bit order of the ID field when echoing the IP Header portion of the original datagram within an ICMP error message.
CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe
This OS fingerprinting probe tests to determine if the remote host echoes back the IP 'DF' (Don't Fragment) bit in a response packet. An attacker sends a UDP datagram with the DF bit set to a closed port on the remote host to observe whether the 'DF' bit is set in the response packet. Some operating systems will echo the bit in the ICMP error message while others will zero out the bit in the response packet.
CAPEC-320: TCP Timestamp Probe
This OS fingerprinting probe examines the remote server's implementation of TCP timestamps. Not all operating systems implement timestamps within the TCP header, but when timestamps are used then this provides the attacker with a means to guess the operating system of the target. The attacker begins by probing any active TCP service in order to get response which contains a TCP timestamp. Different Operating systems update the timestamp value using different intervals. This type of analysis is most accurate when multiple timestamp responses are received and then analyzed. TCP timestamps can be found in the TCP Options field of the TCP header.
CAPEC-321: TCP Sequence Number Probe
This OS fingerprinting probe tests the target system's assignment of TCP sequence numbers. One common way to test TCP Sequence Number generation is to send a probe packet to an open port on the target and then compare the how the Sequence Number generated by the target relates to the Acknowledgement Number in the probe packet. Different operating systems assign Sequence Numbers differently, so a fingerprint of the operating system can be obtained by categorizing the relationship between the acknowledgement number and sequence number as follows: 1) the Sequence Number generated by the target is Zero, 2) the Sequence Number generated by the target is the same as the acknowledgement number in the probe, 3) the Sequence Number generated by the target is the acknowledgement number plus one, or 4) the Sequence Number is any other non-zero number.
CAPEC-322: TCP (ISN) Greatest Common Divisor Probe
This OS fingerprinting probe sends a number of TCP SYN packets to an open port of a remote machine. The Initial Sequence Number (ISN) in each of the SYN/ACK response packets is analyzed to determine the smallest number that the target host uses when incrementing sequence numbers. This information can be useful for identifying an operating system because particular operating systems and versions increment sequence numbers using different values. The result of the analysis is then compared against a database of OS behaviors to determine the OS type and/or version.
CAPEC-323: TCP (ISN) Counter Rate Probe
This OS detection probe measures the average rate of initial sequence number increments during a period of time. Sequence numbers are incremented using a time-based algorithm and are susceptible to a timing analysis that can determine the number of increments per unit time. The result of this analysis is then compared against a database of operating systems and versions to determine likely operation system matches.
CAPEC-324: TCP (ISN) Sequence Predictability Probe
This type of operating system probe attempts to determine an estimate for how predictable the sequence number generation algorithm is for a remote host. Statistical techniques, such as standard deviation, can be used to determine how predictable the sequence number generation is for a system. This result can then be compared to a database of operating system behaviors to determine a likely match for operating system and version.
CAPEC-325: TCP Congestion Control Flag (ECN) Probe
This OS fingerprinting probe checks to see if the remote host supports explicit congestion notification (ECN) messaging. ECN messaging was designed to allow routers to notify a remote host when signal congestion problems are occurring. Explicit Congestion Notification messaging is defined by RFC 3168. Different operating systems and versions may or may not implement ECN notifications, or may respond uniquely to particular ECN flag types.
CAPEC-326: TCP Initial Window Size Probe
This OS fingerprinting probe checks the initial TCP Window size. TCP stacks limit the range of sequence numbers allowable within a session to maintain the "connected" state within TCP protocol logic. The initial window size specifies a range of acceptable sequence numbers that will qualify as a response to an ACK packet within a session. Various operating systems use different Initial window sizes. The initial window size can be sampled by establishing an ordinary TCP connection.
CAPEC-327: TCP Options Probe
This OS fingerprinting probe analyzes the type and order of any TCP header options present within a response segment. Most operating systems use unique ordering and different option sets when options are present. RFC 793 does not specify a required order when options are present, so different implementations use unique ways of ordering or structuring TCP options. TCP options can be generated by ordinary TCP traffic.
CAPEC-328: TCP 'RST' Flag Checksum Probe
This OS fingerprinting probe performs a checksum on any ASCII data contained within the data portion or a RST packet. Some operating systems will report a human-readable text message in the payload of a 'RST' (reset) packet when specific types of connection errors occur. RFC 1122 allows text payloads within reset packets but not all operating systems or routers implement this functionality.
CAPEC-329: ICMP Error Message Quoting Probe
An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter Problem) from a target and then analyze the amount of data returned or "Quoted" from the originating request that generated the ICMP error message.
CAPEC-330: ICMP Error Message Echoing Integrity Probe
An adversary uses a technique to generate an ICMP Error message (Port Unreachable, Destination Unreachable, Redirect, Source Quench, Time Exceeded, Parameter Problem) from a target and then analyze the integrity of data returned or "Quoted" from the originating request that generated the error message.
CAPEC-472: Browser Fingerprinting
An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
CAPEC-497: File Discovery
An adversary engages in probing and exploration activities to determine if common key files exists. Such files often contain configuration and security parameters of the targeted application, system or network. Using this knowledge may often pave the way for more damaging attacks.
CAPEC-508: Shoulder Surfing
In a shoulder surfing attack, an adversary observes an unaware individual's keystrokes, screen content, or conversations with the goal of obtaining sensitive information. One motive for this attack is to obtain sensitive information about the target for financial, personal, political, or other gains. From an insider threat perspective, an additional motive could be to obtain system/application credentials or cryptographic keys. Shoulder surfing attacks are accomplished by observing the content "over the victim's shoulder", as implied by the name of this attack.
CAPEC-573: Process Footprinting
An adversary exploits functionality meant to identify information about the currently running processes on the target system to an authorized user. By knowing what processes are running on the target system, the adversary can learn about the target environment as a means towards further malicious behavior.
CAPEC-574: Services Footprinting
An adversary exploits functionality meant to identify information about the services on the target system to an authorized user. By knowing what services are registered on the target system, the adversary can learn about the target environment as a means towards further malicious behavior. Depending on the operating system, commands that can obtain services information include "sc" and "tasklist/svc" using Tasklist, and "net start" using Net.
CAPEC-575: Account Footprinting
An adversary exploits functionality meant to identify information about the domain accounts and their permissions on the target system to an authorized user. By knowing what accounts are registered on the target system, the adversary can inform further and more targeted malicious behavior. Example Windows commands which can acquire this information are: "net user" and "dsquery".
CAPEC-576: Group Permission Footprinting
An adversary exploits functionality meant to identify information about user groups and their permissions on the target system to an authorized user. By knowing what users/permissions are registered on the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command which can list local groups is "net localgroup".
CAPEC-577: Owner Footprinting
An adversary exploits functionality meant to identify information about the primary users on the target system to an authorized user. They may do this, for example, by reviewing logins or file modification times. By knowing what owners use the target system, the adversary can inform further and more targeted malicious behavior. An example Windows command that may accomplish this is "dir /A ntuser.dat". Which will display the last modified time of a user's ntuser.dat file when run within the root folder of a user. This time is synonymous with the last time that user was logged in.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
CAPEC-60: Reusing Session IDs (aka Session Replay)
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
CAPEC-616: Establish Rogue Location
An adversary provides a malicious version of a resource at a location that is similar to the expected location of a legitimate resource. After establishing the rogue location, the adversary waits for a victim to visit the location and access the malicious resource.
CAPEC-643: Identify Shared Files/Directories on System
An adversary discovers connections between systems by exploiting the target system's standard practice of revealing them in searchable, common areas. Through the identification of shared folders/drives between systems, the adversary may further their goals of locating and collecting sensitive information/files, or map potential routes for lateral movement within the network.
CAPEC-646: Peripheral Footprinting
Adversaries may attempt to obtain information about attached peripheral devices and components connected to a computer system. Examples may include discovering the presence of iOS devices by searching for backups, analyzing the Windows registry to determine what USB devices have been connected, or infecting a victim system with malware to report when a USB device has been connected. This may allow the adversary to gain additional insight about the system or network environment, which may be useful in constructing further attacks.
CAPEC-651: Eavesdropping
An adversary intercepts a form of communication (e.g. text, audio, video) by way of software (e.g., microphone and audio recording application), hardware (e.g., recording equipment), or physical means (e.g., physical proximity). The goal of eavesdropping is typically to gain unauthorized access to sensitive information about the target for financial, personal, political, or other gains. Eavesdropping is different from a sniffing attack as it does not take place on a network-based communication channel (e.g., IP traffic). Instead, it entails listening in on the raw audio source of a conversation between two or more parties.
CAPEC-79: Using Slashes in Alternate Encoding
This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the adversary many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.